Vulnerabilities > CVE-2018-6336 - 7PK - Security Features vulnerability in Linuxfoundation Osquery
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
An issue was discovered in osquery. A maliciously crafted Universal/fat binary can evade third-party code signing checks. By not completing full inspection of the Universal/fat binary, the user of the third-party tool will believe that the code is signed by Apple, but the malicious unsigned code will execute. This issue affects osquery prior to v3.2.7
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Nessus
| NASL family | MacOS X Local Security Checks |
| NASL id | MACOSX_FACEBOOK_OSQUERY_3_2_7.NASL |
| description | The installed version of Facebook OSQuery is less than 3.2.7 and is therefore vulnerable to allowing execution of malicious binaries due to accepting forged Apple signatures. |
| last seen | 2020-06-01 |
| modified | 2020-06-02 |
| plugin id | 110643 |
| published | 2018-06-22 |
| reporter | This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
| source | https://www.tenable.com/plugins/nessus/110643 |
| title | Facebook OSQuery Code Signing Bypass (macOS) |
The Hacker News
| id | THN:EAF6F042171A19B82AF7D46D233208C1 |
| last seen | 2018-06-12 |
| modified | 2018-06-12 |
| published | 2018-06-12 |
| reporter | Swati Khandelwal |
| source | https://thehackernews.com/2018/06/apple-mac-code-signing.html |
| title | Signature Validation Bug Let Malware Bypass Several Mac Security Products |