{"id":9695,"date":"2025-08-04T20:49:29","date_gmt":"2025-08-04T20:49:29","guid":{"rendered":"http:\/\/localhost\/?p=9695"},"modified":"2025-08-04T20:49:29","modified_gmt":"2025-08-04T20:49:29","slug":"electron-capture-is-vulnerable-to-tcc-bypass-via-misconfigured-node-fuses-macos","status":"publish","type":"post","link":"https:\/\/zero.redgem.net\/?p=9695","title":{"rendered":"Electron Capture is Vulnerable to TCC Bypass via Misconfigured Node Fuses (macOS)"},"content":{"rendered":"
\n

CVE Details<\/h2>\n
\n
\n

Basic Information<\/h3>\n\n\n\n\n\n
Title<\/th>\nElectron Capture is Vulnerable to TCC Bypass via Misconfigured Node Fuses (macOS)<\/td>\n<\/tr>\n
Type<\/th>\ncve<\/td>\n<\/tr>\n
Published<\/th>\n2025-08-05T00:03:09.902Z<\/td>\n<\/tr>\n
Modified<\/th>\n2025-08-05T00:03:09.902Z<\/td>\n<\/tr>\n<\/table>\n<\/div>\n
\n

Product Information<\/h3>\n\n\n\n\n
Vendor<\/th>\nsteveseguin<\/td>\n<\/tr>\n
Product<\/th>\nelectroncapture<\/td>\n<\/tr>\n
Version<\/th>\n< 2.20.0<\/td>\n<\/tr>\n<\/table>\n<\/div>\n<\/div>\n
\n

CVSS Information<\/h3>\n\n\n\n
Base Score<\/th>\n5.5 (MEDIUM)<\/td>\n<\/tr>\n
Attack Vector<\/th>\nCVSS:3.1\/AV:L\/AC:L\/PR:L\/UI:N\/S:U\/C:H\/I:N\/A:N<\/td>\n<\/tr>\n<\/table>\n<\/div>\n
\n

AI Analysis<\/h3>\n\n\n\n\n\n\n
AI Description<\/th>\nA vulnerability in Electron Capture allows local users to bypass macOS TCC privacy protections, enabling arbitrary Node.js code execution with inherited TCC entitlements. This could grant access to sensitive files and directories. The issue is fixed in version 2.20.0.<\/td>\n<\/tr>\n
AI Severity<\/th>\nHigh<\/td>\n<\/tr>\n
AI Vendor<\/th>\nSteve Seguin<\/td>\n<\/tr>\n
AI Product<\/th>\nElectron Capture<\/td>\n<\/tr>\n
AI Version<\/th>\n2.19.1 and below<\/td>\n<\/tr>\n<\/table>\n<\/div>\n
\n

Affected Products<\/h4>\n