Addressed potential issues where the application could be exposed to a Time-of-Check Time-of-Use (TOCTOU) race condition or privilege escalation vulnerability when performing an update, which attackers could exploit to carry out privilege escalation attacks by replacing the update file with a malicious one. This occurs because the application fails to properly validate the certificate of the updater executable, or fails to lock the permissions of the update file after certificate validation. (CVE-2024-29072)
This Cyber News was published on www.tenable.com. Publication date: Fri, 24 May 2024 17:16:03 +0000
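
The check-then-use gap described in the advisory, shown as an added example that is not part of the original advisory or the vendor's code. A SHA-256 comparison stands in for certificate validation, and the function names, file names and sample bytes are constructed for illustration; the hardened variant reads the update once, verifies those bytes, and uses only a read-only copy staged in a private directory.

```python
import hashlib, os, tempfile

def verify(data, expected_sha256):
    # Assumption: a digest comparison stands in for certificate validation.
    return hashlib.sha256(data).hexdigest() == expected_sha256

def racy_use(path, expected_sha256, concurrent_writer):
    """Check by path, then reopen by path: the gap the advisory describes."""
    with open(path, "rb") as f:
        if not verify(f.read(), expected_sha256):      # time of check
            raise ValueError("verification failed")
    concurrent_writer()                # another process rewrites the file
    with open(path, "rb") as f:        # time of use: path resolved again
        return f.read()

def safe_use(path, expected_sha256, private_dir, concurrent_writer):
    """Read once, verify those bytes, use only a private read-only copy."""
    with open(path, "rb") as f:
        data = f.read()                # single read of the shared location
    if not verify(data, expected_sha256):
        raise ValueError("verification failed")
    staged = os.path.join(private_dir, "update.bin")
    # O_EXCL refuses a pre-planted file; 0o500 leaves no write permission.
    fd = os.open(staged, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o500)
    with os.fdopen(fd, "wb") as out:
        out.write(data)
    concurrent_writer()                # shared file changes; the copy does not
    with open(staged, "rb") as f:
        return f.read()

def demo():
    genuine, swapped = b"constructed genuine update", b"constructed replacement"
    digest = hashlib.sha256(genuine).hexdigest()
    with tempfile.TemporaryDirectory() as shared, \
         tempfile.TemporaryDirectory() as private:
        path = os.path.join(shared, "update.bin")
        def write(content):
            with open(path, "wb") as f:
                f.write(content)
        write(genuine)
        racy = racy_use(path, digest, lambda: write(swapped))
        write(genuine)
        safe = safe_use(path, digest, private, lambda: write(swapped))
    return racy == swapped, safe == genuine

if __name__ == "__main__":
    print(demo())
```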