CVE-2025-4412 – Viscosity macOS Launch Agent Dynamic Library Loading Vulnerability

May 27, 2025

CVE ID : CVE-2025-4412

Published : May 27, 2025, 10:15 a.m. | 3 hours, 5 minutes ago

Description : On macOS systems, by utilizing a Launch Agent and loading the viscosity_openvpn process from the application bundle, it is possible to load a dynamic library with Viscosity’s TCC (Transparency, Consent, and Control) identity. The acquired resource access is limited without entitlements such as access to the camera or microphone. Only user-granted permissions for file resources apply. Access to other resources beyond granted-permissions requires user interaction with a system prompt asking for permission.

This issue was fixed in version 1.11.5 of Viscosity.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-5117 – WordPress Property Plugin Privilege Escalation Vulnerability

Next Article CVE-2025-41653 – Citrix Web Server Denial of Service

Highlights

CVE-2025-5589 – StreamWeasels Kick Integration for WordPress Stored Cross-Site Scripting

June 14, 2025

CVE ID : CVE-2025-5589

Published : June 14, 2025, 9:15 a.m. | 4 hours, 56 minutes ago

Description : The StreamWeasels Kick Integration plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘status-classic-offline-text’ parameter in all versions up to, and including, 1.1.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Severity: 6.4 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Report: 71% of tech leaders won’t hire devs without AI skills

Slack’s AI search now works across an organization’s entire knowledge base

In-House vs Outsourcing for React.js Development: Understand What Is Best for Your Enterprise

Tiny Screens, Big Impact: The Forgotten Art Of Developing Web Apps For Feature Phones

Too many open browser tabs? This is still my favorite solution – and has been for years

This new browser won’t monetize your every move – how to try it

Pokémon has partnered with one of the biggest PC gaming brands again, and you can actually buy these accessories — but do you even want to?

AMD’s budget Ryzen AI 5 330 processor will introduce a wave of ultra-affordable Copilot+ PCs with its mobile 50 TOPS NPU

The details of TC39’s last meeting

The details of TC39’s last meeting

Reclaim Space: Delete Docker Orphan Layers

Notes Android App Using SQLite

KeySmith – SSH key management

KeySmith – SSH key management

Pokémon has partnered with one of the biggest PC gaming brands again, and you can actually buy these accessories — but do you even want to?

AMD’s budget Ryzen AI 5 330 processor will introduce a wave of ultra-affordable Copilot+ PCs with its mobile 50 TOPS NPU

CVE-2025-4412 – Viscosity macOS Launch Agent Dynamic Library Loading Vulnerability

Critical mcp-remote Vulnerability Enables Remote Code Execution, Impacting 437,000+ Downloads

UNC6148 Backdoors Fully-Patched SonicWall SMA 100 Series Devices with OVERSTEP Rootkit

Waze vs. Google Maps: Which navigation app is best?

Adobe Photoshop is getting its first AI agent – here’s what it can do for you

CVE-2025-5154 – PhonePe SQLite Database Cleartext Storage Vulnerability

Overwatch 2 gets a ‘Stadium Mode’ gameplay trailer, marking the biggest change the game has seen in years

CVE-2025-5589 – StreamWeasels Kick Integration for WordPress Stored Cross-Site Scripting

CVE-2025-1333 – IBM MQ Container Keycloak Information Disclosure

How to Sort Dates Efficiently in JavaScript

CVE-2025-6089 – Astun Technology iShare Maps Open Redirect Vulnerability

CVE-2025-4412 – Viscosity macOS Launch Agent Dynamic Library Loading Vulnerability

Related Posts