← back
CVE-2021-40531

CVE-2021-40531

EPSS 32.8%
Sketch before 75 allows library feeds to be used to bypass file quarantine. Files are automatically downloaded and opened, without the com.apple.quarantine extended attribute. This results in remote code execution, as demonstrated by CommandString in a terminal profile to Terminal.app.
Affected products
n/a · n/a

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://jonpalmisc.com/2021/11/22/cve-2021-40531https://www.sketch.com/updates/#version-75