CVE-2024-41913

CVSS 3.1 Score 8.8 of 10 (high)

Details

Published Aug 6, 2024

Updated: Aug 13, 2024

CWE ID 434

Summary

CVE-2024-23460 is a vulnerability affecting the Zscaler Client Connector on MacOS versions prior to 4.2. The issue lies in the Zscaler Updater process, which fails to validate the digital signature of the installer before execution, making it susceptible to local arbitrary code execution attacks. This flaw could potentially allow attackers to inject malicious code and gain unauthorized access to the system. Users are advised to upgrade to the latest version of the software to mitigate this risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/xMbnQn
https://www.cve.org/CVERecord?id=CVE-2024-41913
https://nvd.nist.gov/vuln/detail/CVE-2024-41913

Back to Vulnerability Database

CVE-2024-41913

CVSS 3.1 Score 8.8 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations