Phiewer dylib Injection Vulnerability Leading to Command Execution

Vulnerability

Phiewer version 4.1.0 is vulnerable to dynamic library (dylib) injection, which can lead to unauthorized command execution. An attacker who injects a dylib file could potentially gain remote control and unauthorized access to sensitive user data on macOS.

Impact

Exploitation of this vulnerability allows for local command execution.

Reproduction

To reproduce this vulnerability, use the provided dylib file to inject a command into the Phiewer application. Set the DYLD_INSERT_LIBRARIES environment variable to include the injected dylib file, and then launch Phiewer from its application directory.
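A defender-side check for the condition this reproduction relies on, added here as an example and not taken from the original advisory or from Phiewer: it reads the code-signing flags and entitlements of an app (as printed by `codesign -dv` and `codesign -d --entitlements`) and reports whether DYLD_INSERT_LIBRARIES would be honoured. The function name, the simplified decision model and the sample inputs are assumptions constructed for illustration.

```python
import plistlib
import re

CS_RESTRICT, CS_REQUIRE_LV, CS_RUNTIME = 0x0800, 0x2000, 0x10000
ALLOW_DYLD = "com.apple.security.cs.allow-dyld-environment-variables"
DISABLE_LV = "com.apple.security.cs.disable-library-validation"

# Constructed sample inputs (not Phiewer's real signature data).
UNHARDENED = "CodeDirectory v=20400 size=1234 flags=0x0(none) hashes=30+5 location=embedded"
HARDENED = "CodeDirectory v=20500 size=1234 flags=0x10000(runtime) hashes=30+7 location=embedded"
RELAXED_ENTS = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
<key>com.apple.security.cs.allow-dyld-environment-variables</key><true/>
<key>com.apple.security.cs.disable-library-validation</key><true/>
</dict></plist>"""


def dyld_injection_exposure(codesign_info, entitlements_xml=b""):
    """Judge exposure from `codesign -dv` text plus an entitlements plist.

    Simplified model (an assumption of this example): only signing flags and
    the two entitlements are considered, not setuid bits or a __RESTRICT segment.
    """
    m = re.search(r"flags=0x([0-9a-fA-F]+)", codesign_info)
    flags = int(m.group(1), 16) if m else 0  # no CodeDirectory line: no flags
    raw = entitlements_xml.strip()
    ents = plistlib.loads(raw) if raw else {}
    hardened = bool(flags & CS_RUNTIME)
    # dyld ignores DYLD_* variables for restricted code and for hardened-runtime
    # code, unless the hardened binary carries the allow-dyld entitlement.
    if flags & CS_RESTRICT:
        env_honoured = False
    elif hardened:
        env_honoured = bool(ents.get(ALLOW_DYLD))
    else:
        env_honoured = True
    # Library validation rejects dylibs not signed by Apple or the app's team.
    lv = (hardened or bool(flags & CS_REQUIRE_LV)) and not ents.get(DISABLE_LV)
    return {"env_honoured": env_honoured, "library_validation": lv,
            "injectable": env_honoured and not lv}


if __name__ == "__main__":
    for name, info, ents in [("unhardened", UNHARDENED, b""),
                             ("hardened", HARDENED, b""),
                             ("hardened+relaxed", HARDENED, RELAXED_ENTS)]:
        print(name, dyld_injection_exposure(info, ents))
```

An app signed with the hardened runtime and without either of the two entitlements reports `injectable: False` under this model.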

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 7.5
exploitability: 4.6
remediation: 0.0
relevance: 0.0
threat: 6.5
urgency: 2.9
incentive: 0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.