ClearanceKit Per-Process File Access Policy Enforcement Vulnerability on macOS
Vulnerability
ClearanceKit versions prior to 4.2.14 improperly enforce file access policies on macOS. During startup, only a single baseline rule is applied; managed and user-defined rules remain unenforced until the user interacts with the GUI. This creates a window in which the file access paths those rules protect can be accessed without restriction by any process. Jail rules are likewise not applied during this period, so processes that should be confined can operate freely.
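To make the window concrete, here is an added toy model of a policy engine that loads its rule sources one at a time. It is not ClearanceKit's code; the rule sources, paths and process names are assumed. It contrasts an engine that decides on whatever rules happen to be loaded (the behaviour described above) with one that denies every request until all sources are applied, which is one way to close such a window, not necessarily how 4.2.14 does it.

```python
# Constructed model of the startup enforcement window; not ClearanceKit code.
# Rule sources, paths and process names below are assumptions for illustration.
from dataclasses import dataclass, field
from typing import Optional

@dataclass
class Rule:
    path: str                          # path prefix the rule covers
    allowed: frozenset = frozenset()   # processes allowed under that prefix
    jail: Optional[str] = None         # if set: confine this process to `path`

BASELINE = [Rule("/System", frozenset({"kernel_task"}))]
MANAGED = [Rule("/Users/Shared/Finance", frozenset({"ledger"}))]
USER = [Rule("/Users/alice/Private", frozenset({"Finder"}))]
JAIL = [Rule("/tmp/sandbox", jail="untrusted-helper")]
ALL_SOURCES = {"baseline": BASELINE, "managed": MANAGED, "user": USER, "jail": JAIL}

@dataclass
class PolicyEngine:
    fail_closed: bool                  # deny everything until every source is loaded
    rules: list = field(default_factory=list)
    loaded: set = field(default_factory=set)

    def load(self, source, rules):
        self.rules.extend(rules)
        self.loaded.add(source)

    def allows(self, process, path):
        if self.fail_closed and not self.loaded.issuperset(ALL_SOURCES):
            return False               # policy incomplete: fail closed
        for r in self.rules:
            if r.jail == process and not path.startswith(r.path):
                return False           # jailed process leaving its jail
            if r.jail is None and path.startswith(r.path) and process not in r.allowed:
                return False           # protected path, process not on its allow list
        return True

def decisions(fail_closed, sources):
    """Access decisions once only the named rule sources have been loaded."""
    eng = PolicyEngine(fail_closed)
    for name in sources:
        eng.load(name, ALL_SOURCES[name])
    return {
        "managed_path": eng.allows("otherproc", "/Users/Shared/Finance/q1.xlsx"),
        "user_path": eng.allows("otherproc", "/Users/alice/Private/notes.txt"),
        "jail_escape": eng.allows("untrusted-helper", "/Users/alice/Documents/a.txt"),
        "ledger_ok": eng.allows("ledger", "/Users/Shared/Finance/q1.xlsx"),
    }
```

With `decisions(False, ["baseline"])` every request is permitted, including the jail escape, while `decisions(True, ["baseline"])` denies all of them, legitimate ones included; that trade-off is the cost of failing closed until the full policy is applied.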
Impact
During the enforcement window, managed and user-defined file access rules are not applied, so any process can access the paths they protect. Jail rules are also not enforced, so processes that should be confined can operate without restriction.
Remediation
Users can update to ClearanceKit version 4.2.14 or later, where this vulnerability has been patched.
