kritische Sicherheitslücke in Little Snitch

Für die bekannte macOS-Firewall Little Snitch, der österreichischen Firma Objective Development, ist ein Update verfügbar, welches eine kritische Sicherheitslücke stopft. Die Installation des Updates sollte schnellstmöglich durchgeführt werden.

Details

Little Snitch 4.4 (5405)

Security

This version fixes a vulnerability which allows privilege escalation to root for any local user. Please upgrade before details of the vulnerability are published!

The vulnerability has been assigned the number CVE-2019-13013. More information will be made available later, when most users have upgraded to the latest version.

New Features

  • Added compatibility with macOS Catalina (10.15).
  • Little Snitch now monitors access to Berkeley Packet Filter devices. You can create rules to allow or deny access to these devices for particular applications.

Improvements

  • Improved display of information retrieved from an app’s Internet Access Policy.
  • Single file executables can now have an Internet Access Policy in their embedded Info.plist file.
  • Internet Access Policies from embedded frameworks and apps are now merged with the main application’s Internet Access Policy.
  • Improved identity check for apps that are signed with a Mac Developer certificate and currently debugged in Xcode.

Bug Fixes

  • Fixed an issue causing a message about a checksum failure to be wrongly shown for processes that fork multiple instances (for example a local http-Server).
  • Fixed an issue causing the creation of Diagnostics Reports to fail under rare circumstances.
  • Fixed an issue which caused Little Snitch to put a high load on one CPU under rare circumstances.

Other

  • Numerous user interface fixes and improvements.

Links

Release Notes auf der Hersteller-Seite
Produktseite