cve/2018/CVE-2018-10470.md

### [CVE-2018-10470](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10470)
![](https://img.shields.io/static/v1?label=Product&message=Little%20Snitch&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-347%3A%20Improper%20Verification%20of%20Cryptographic%20Signature&color=brighgreen)

### Description

Little Snitch versions 4.0 to 4.0.6 use the SecStaticCodeCheckValidityWithErrors() function without the kSecCSCheckAllArchitectures flag and therefore do not validate all architectures stored in a fat binary. An attacker can maliciously craft a fat binary containing multiple architectures that may cause a situation where Little Snitch treats the running process as having no code signature at all while erroneously indicating that the binary on disk does have a valid code signature. This could lead to users being confused about whether or not the code signature is valid.

### POC

#### Reference
- https://www.okta.com/security-blog/2018/06/issues-around-third-party-apple-code-signing-checks/

#### Github
No PoCs found on GitHub currently.
Update Sun May 26 14:27:04 CEST 2024 2024-05-26 14:27:05 +02:00			`### [CVE-2018-10470](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10470)`
			`![](https://img.shields.io/static/v1?label=Product&message=Little%20Snitch&color=blue)`
			`![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)`
			`![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-347%3A%20Improper%20Verification%20of%20Cryptographic%20Signature&color=brighgreen)`

			`### Description`

			Little Snitch versions 4.0 to 4.0.6 use the SecStaticCodeCheckValidityWithErrors() function without the kSecCSCheckAllArchitectures flag and therefore do not validate all architectures stored in a fat binary. An attacker can maliciously craft a fat binary containing multiple architectures that may cause a situation where Little Snitch treats the running process as having no code signature at all while erroneously indicating that the binary on disk does have a valid code signature. This could lead to users being confused about whether or not the code signature is valid.

			`### POC`

			`#### Reference`
			`- https://www.okta.com/security-blog/2018/06/issues-around-third-party-apple-code-signing-checks/`

			`#### Github`
			`No PoCs found on GitHub currently.`