This issue was addressed by disabling execution of JavaScript when viewing a scripting dictionary. This issue is fixed in macOS Monterey 12.1, Security Update 2021-008 Catalina, macOS Big Sur 11.6.2. A malicious OSAX scripting addition may bypass Gatekeeper checks and circumvent sandbox restrictions.
The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Mac_os_x | Apple | 10.15 (including) | 10.15.7 (excluding) |
Mac_os_x | Apple | 10.15.7 (including) | 10.15.7 (including) |
Mac_os_x | Apple | 10.15.7-security_update_2020-001 (including) | 10.15.7-security_update_2020-001 (including) |
Mac_os_x | Apple | 10.15.7-security_update_2021-001 (including) | 10.15.7-security_update_2021-001 (including) |
Mac_os_x | Apple | 10.15.7-security_update_2021-002 (including) | 10.15.7-security_update_2021-002 (including) |
Mac_os_x | Apple | 10.15.7-security_update_2021-003 (including) | 10.15.7-security_update_2021-003 (including) |
Mac_os_x | Apple | 10.15.7-security_update_2021-004 (including) | 10.15.7-security_update_2021-004 (including) |
Mac_os_x | Apple | 10.15.7-security_update_2021-005 (including) | 10.15.7-security_update_2021-005 (including) |
Mac_os_x | Apple | 10.15.7-security_update_2021-006 (including) | 10.15.7-security_update_2021-006 (including) |
Mac_os_x | Apple | 10.15.7-security_update_2021-007 (including) | 10.15.7-security_update_2021-007 (including) |
Mac_os_x | Apple | 10.15.7-supplemental_update (including) | 10.15.7-supplemental_update (including) |
Macos | Apple | 11.0 (including) | 11.6.2 (excluding) |
Macos | Apple | 12.0 (including) | 12.1 (excluding) |