CVE-2024-23745

Summary

CVE-2024-23745 is a vulnerability affecting Notion Web Clipper version 1.0.3(7). Maliciously crafted .nib files can be exploited using the Dirty NIB attack, allowing the execution of arbitrary commands. Even if a NIB file is modified within an application, macOS' Gatekeeper may still allow the application's execution, enabling command execution within the application's context. The vendor considers this issue an instance of CVE-2022-48505, and they maintain that it is not a product-level vulnerability, as it involves incorrect caching of file signatures on macOS, and cannot be addressed with a product-level fix.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.