Little Snitch version 3.0 through 3.7.3 suffer from a local privilege escalation vulnerability in the installer part. The vulnerability is related to the installation of the configuration file "at.obdev.littlesnitchd.plist" which gets installed to /Library/LaunchDaemons.
2017-04-06T15:59:00.230
2025-04-20T01:37:25.860
Deferred
CVSSv3.0: 7.8 (HIGH)
AV:L/AC:L/Au:N/C:P/I:P/A:P
3.9
6.4
Type | Vendor | Product | Version/Range | Vulnerable? |
---|---|---|---|---|
Application | obdev | little_snitch | 3.0 | Yes |
Application | obdev | little_snitch | 3.0.1 | Yes |
Application | obdev | little_snitch | 3.0.2 | Yes |
Application | obdev | little_snitch | 3.0.3 | Yes |
Application | obdev | little_snitch | 3.0.4 | Yes |
Application | obdev | little_snitch | 3.1 | Yes |
Application | obdev | little_snitch | 3.1.1 | Yes |
Application | obdev | little_snitch | 3.3 | Yes |
Application | obdev | little_snitch | 3.3.1 | Yes |
Application | obdev | little_snitch | 3.3.2 | Yes |
Application | obdev | little_snitch | 3.3.3 | Yes |
Application | obdev | little_snitch | 3.3.4 | Yes |
Application | obdev | little_snitch | 3.4 | Yes |
Application | obdev | little_snitch | 3.4.1 | Yes |
Application | obdev | little_snitch | 3.4.2 | Yes |
Application | obdev | little_snitch | 3.5 | Yes |
Application | obdev | little_snitch | 3.5.1 | Yes |
Application | obdev | little_snitch | 3.5.2 | Yes |
Application | obdev | little_snitch | 3.5.3 | Yes |
Application | obdev | little_snitch | 3.6 | Yes |
Application | obdev | little_snitch | 3.6.1 | Yes |
Application | objective_development | little_snitch | 3.6.2 | Yes |
Application | objective_development | little_snitch | 3.6.3 | Yes |
Application | objective_development | little_snitch | 3.6.4 | Yes |
Application | objective_development | little_snitch | 3.7 | Yes |
Application | objective_development | little_snitch | 3.7.1 | Yes |
Application | objective_development | little_snitch | 3.7.2 | Yes |
Application | objective_development | little_snitch | 3.7.3 | Yes |