Affected Programs
To coordinate disclosure of this issue with third-party application vendors, Okta and Pitts contacted the CERT Coordination Center (CERT/CC). Together with CERT/CC, all known third-party vendors were contacted before the bug was disclosed. Pitts also provided a sample malicious Fat file that vendors can use to test whether their products are affected.
The research identified the following vendors and their applications as affected. Where a fixed release is known, it is noted in brackets after the CVE.
- VirusTotal – CVE-2018-10408
- Google – Santa, molcodesignchecker – CVE-2018-10405 [Fixed in Santa 0.9.25]
- Facebook – osquery – CVE-2018-6336 [Fixed in 3.2.7]
- Objective Development – Little Snitch – CVE-2018-10470 [Fixed in Nightly Build 4.1 (5165)]
- F-Secure – xFence (formerly Little Flocker) – CVE-2018-10403
- Objective-See – WhatsYourSign, ProcInfo, KnockKnock, LuLu, TaskExplorer (and others) – CVE-2018-10404 [Fixed in WhatsYourSign 1.5.0]
- Yelp – OSXCollector – CVE-2018-10406
- Carbon Black – Cb Response – CVE-2018-10407
The list above covers only the third-party applications known to be affected at the time of writing; Pitts expects that many other applications are vulnerable as well.
If your vendor or product information is missing from the list above, contact us and we will update the list with your details.