Nozbe TCC Permission Bypass Vulnerability on macOS

Vulnerability

A vulnerability in Nozbe for macOS, related to the 'RunAsNode' fuse being enabled, allows local attackers with unprivileged access to execute arbitrary code that inherits Nozbe's Transparency, Consent, and Control (TCC) permissions. Exploitation could give access to user files in privacy-protected folders without triggering permission prompts. The vulnerability affects all versions prior to 2025.11.

Impact

Exploitation of this vulnerability allows for arbitrary code execution with the same TCC permissions that Nozbe has been granted by the user, potentially leading to unauthorized access to sensitive files.

Remediation

Users can update to Nozbe version 2025.11 to address this vulnerability.
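
To confirm whether an installed Electron application still ships with the 'RunAsNode' fuse enabled, the fuse state can be read directly from the application's framework binary. The following is an added example, not code from Nozbe or from the original advisory. It assumes the publicly documented Electron fuse wire layout (sentinel string, version byte, length byte, one ASCII state byte per fuse), and the function names are hypothetical.

```python
import sys
from pathlib import Path

# Marker that precedes the fuse wire in the Electron framework binary.
SENTINEL = b"dL7pKGdnNz796PbbjQWNKmHXBZaB9tsX"
# Fuse positions in wire version 1; position 0 is RunAsNode.
FUSE_NAMES = ["RunAsNode", "EnableCookieEncryption",
              "EnableNodeOptionsEnvironmentVariable", "EnableNodeCliInspectArguments",
              "EnableEmbeddedAsarIntegrityValidation", "OnlyLoadAppFromAsar",
              "LoadBrowserProcessSpecificV8Snapshot", "GrantFileProtocolExtraPrivileges"]
STATES = {0x30: "disabled", 0x31: "enabled", 0x72: "removed"}  # ASCII '0', '1', 'r'

def read_fuse_wires(blob: bytes) -> list[dict]:
    """Return one {fuse: state} dict per fuse wire (universal binaries hold one per slice)."""
    wires, pos = [], blob.find(SENTINEL)
    while pos != -1:
        head = pos + len(SENTINEL)
        if head + 2 <= len(blob):
            version, length = blob[head], blob[head + 1]
            wire = blob[head + 2 : head + 2 + length]
            # Skip stray copies of the marker that are not followed by a valid wire.
            if version == 1 and 0 < length == len(wire) and all(b in STATES for b in wire):
                wires.append({FUSE_NAMES[i] if i < len(FUSE_NAMES) else f"fuse_{i}": STATES[b]
                              for i, b in enumerate(wire)})
        pos = blob.find(SENTINEL, pos + 1)
    return wires

def run_as_node_enabled(blob: bytes) -> bool:
    """True if any architecture slice still has the RunAsNode fuse enabled."""
    wires = read_fuse_wires(blob)
    if not wires:
        raise ValueError("no Electron fuse wire found")
    return any(w["RunAsNode"] == "enabled" for w in wires)

# Constructed sample: padding, marker, version 1, 8 fuses, RunAsNode = '1'.
SAMPLE = b"\x00" * 16 + SENTINEL + bytes([1, 8]) + b"10011100" + b"\x00" * 16

if __name__ == "__main__":
    data = Path(sys.argv[1]).read_bytes() if len(sys.argv) > 1 else SAMPLE
    for n, wire in enumerate(read_fuse_wires(data)):
        print(f"slice {n}: RunAsNode={wire['RunAsNode']}")
    sys.exit(1 if run_as_node_enabled(data) else 0)
```

Pass the path to the framework binary inside the app bundle as the argument; `Contents/Frameworks/Electron Framework.framework/Electron Framework` is assumed here as the usual location. A non-zero exit status means at least one slice still has the fuse enabled.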

Added: Aug 26, 2025, 1:22 PM
Updated: Aug 26, 2025, 1:48 PM

Vulnerability Rating

Custom Algorithm

spread: 7.8
impact: 1.3
exploitability: 4.3
remediation: 7.7
relevance: 0.4
threat: 0.0
urgency: 2.9
incentive: 0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.