https://github.com/jonpalmisc/cve-2021-40531

Quarantine bypass and RCE vulnerability in Sketch (proof-of-concept)
https://github.com/jonpalmisc/cve-2021-40531

cve macos sketch

Last synced: 11 months ago
JSON representation

Quarantine bypass and RCE vulnerability in Sketch (proof-of-concept)

Host: GitHub
URL: https://github.com/jonpalmisc/cve-2021-40531
Owner: jonpalmisc
Created: 2021-11-19T17:38:34.000Z (over 4 years ago)
Default Branch: master
Last Pushed: 2021-11-22T14:52:04.000Z (over 4 years ago)
Last Synced: 2025-05-07T01:49:42.639Z (about 1 year ago)
Topics: cve, macos, sketch
Language: HTML
Homepage: https://jonpalmisc.com/2021/11/22/cve-2021-40531
Size: 1.95 KB
Stars: 12
Watchers: 3
Forks: 3
Open Issues: 0
Metadata Files:
- Readme: README.md

Awesome Lists containing this project

README

# CVE-2021-40531

![Exploit Demo](https://jonpalmisc.com/assets/img/cve-2021-40531/demo.gif)

> This proof-of-concept in action.

[Sketch](https://www.sketch.com) is a popular UI/UX design app for macOS. This
post covers a vulnerability in Sketch that I discovered back in July,
CVE-2021-40531. In its simplest form, it is a macOS quarantine bypass, but in
context it can be used for remote code execution.

For more details, see my [blog post](https://jonpalmisc.com/2021/11/22/cve-2021-40531)
for a complete writeup.

## Notes

If you are testing this proof-of-concept locally, be aware that `feed.rss`
expects your web server to be running on port 8080.

ecosyste.ms

Data

Tools

Indexes

Applications

Experiments

Awesome

https://github.com/jonpalmisc/cve-2021-40531

Awesome Lists containing this project

README