Mattermost Desktop App Code Injection Vulnerability Allowing TCC Bypass on macOS

Vulnerability

A vulnerability exists in the Mattermost Desktop App for macOS, specifically in versions through 5.10.0. The issue arises from the app explicitly declaring unnecessary macOS entitlements, which can be exploited by an attacker with remote access to inject code. This code injection allows the attacker to bypass Transparency, Consent, and Control (TCC) restrictions.

Impact

Exploitation of this vulnerability could lead to unauthorized code execution on the user's machine, allowing the attacker to bypass macOS privacy controls.

Remediation

Users are advised to update to the latest version of the Mattermost Desktop App. The latest version can be downloaded from the Mattermost website.
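
To confirm that an installed build no longer carries entitlements of this kind, the check below is an added example, not part of the original advisory and not Mattermost code. It parses the entitlements plist that `codesign -d --entitlements :- <app path>` prints and reports hardened-runtime exceptions that relax code-injection protections. The advisory does not name the entitlements involved, so the key lists are an assumption taken from Apple's documented entitlement keys, and the sample plist is constructed.

```python
import plistlib

# Assumption: hardened-runtime exception keys from Apple's entitlement
# documentation; the advisory does not say which ones the app declared.
RISKY = {
    "com.apple.security.cs.allow-dyld-environment-variables":
        "DYLD_* variables such as DYLD_INSERT_LIBRARIES are honoured",
    "com.apple.security.cs.disable-library-validation":
        "libraries signed by other teams, or unsigned, can be loaded",
    "com.apple.security.cs.allow-unsigned-executable-memory":
        "writable and executable memory is allowed without MAP_JIT",
    "com.apple.security.cs.disable-executable-page-protection":
        "executable page protection is switched off",
    "com.apple.security.get-task-allow":
        "other processes can attach to the app (debug builds)",
}
# Resource entitlements whose TCC consent injected code would inherit.
PRIVACY = {
    "com.apple.security.device.camera": "camera",
    "com.apple.security.device.audio-input": "microphone",
}

# Constructed sample, shaped like `codesign -d --entitlements :- <app>` output.
SAMPLE = b"""Executable=/Applications/Example.app/Contents/MacOS/Example
<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>com.apple.security.cs.allow-jit</key><true/>
  <key>com.apple.security.cs.allow-dyld-environment-variables</key><true/>
  <key>com.apple.security.cs.disable-library-validation</key><true/>
  <key>com.apple.security.get-task-allow</key><false/>
  <key>com.apple.security.device.camera</key><true/>
</dict></plist>"""

def audit_entitlements(raw: bytes) -> dict:
    """Return risky entitlements set to true and the privacy resources exposed."""
    start = raw.find(b"<?xml")  # skip any banner printed before the plist
    if start < 0:  # unsigned binary or no embedded entitlements
        return {"injection": [], "privacy": []}
    ents = plistlib.loads(raw[start:])
    return {
        "injection": [k for k in RISKY if ents.get(k) is True],
        "privacy": [n for k, n in PRIVACY.items() if ents.get(k) is True],
    }

if __name__ == "__main__":
    report = audit_entitlements(SAMPLE)
    for key in report["injection"]:
        print(f"[!] {key}: {RISKY[key]}")
    if report["injection"] and report["privacy"]:
        print("    injected code would inherit:", ", ".join(report["privacy"]))
```

An entitlement that is present but set to false, and `allow-jit` on its own, are deliberately not reported.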

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 2.5
exploitability: 3.3
remediation: 0.0
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.