CVE-2021-40531

This proof-of-concept in action.

Sketch is a popular UI/UX design app for macOS. This post covers a vulnerability in Sketch that I discovered back in July, CVE-2021-40531. In its simplest form, it is a macOS quarantine bypass, but in context it can be used for remote code execution.

For more details, see my blog post for a complete writeup.

Notes

If you are testing this proof-of-concept locally, be aware that feed.rss expects your web server to be running on port 8080.

Name		Name	Last commit message	Last commit date
Latest commit History 1 Commit
README.md		README.md
feed.rss		feed.rss
index.html		index.html
payload.terminal		payload.terminal

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

README.md

README.md

feed.rss

feed.rss

index.html

index.html

payload.terminal

payload.terminal

Repository files navigation

CVE-2021-40531

Notes

About

Releases

Packages

Languages

CrackerCat/CVE-2021-40531

Folders and files

Latest commit

History

Repository files navigation

CVE-2021-40531

Notes

About

Resources

Stars

Watchers

Forks

Languages