HackAndPwn
Security & Vulnerability Researcher / Professional Penetration Tester

CVE-2020-7314 - McAfee - Incorrect Permission Assignment for Critical Resource

On macOS platforms, the McAfee Data Exchange Layer Client installer writes out temporary files with incorrect permission that can allow a low privileged user to run commands as root user. The fix for this issue is included in the MA 5.6.6 Update release.

Privilege Escalation Vulnerability in the installer in McAfee Data Exchange Layer (DXL) Client for Mac shipped with McAfee Agent (MA) for Mac prior to MA 5.6.6 allows local users to run commands as root via incorrectly applied permissions on temporary files.

Trellix Security Bulletin SB10325


buy me a coffee