- Description
- Tabby (formerly Terminus) is a highly configurable terminal emulator. Prior to 1.0.216, the Tabby terminal emulator contains overly permissive entitlements that are unnecessary for its core functionality and plugin system, creating potential security vulnerabilities. The application currently holds powerful permissions, including camera and microphone access and the ability to access personal folders (Downloads, Documents, etc.) through Apple Events, while also maintaining dangerous entitlements that enable code injection. The concerning entitlements are com.apple.security.cs.allow-dyld-environment-variables and com.apple.security.cs.disable-library-validation. Since Tabby's plugins and themes are Node.js-based without native libraries or frameworks, and no environment variables are used in the codebase, it is recommended to review and remove at least one of the entitlements (com.apple.security.cs.disable-library-validation or com.apple.security.cs.allow-dyld-environment-variables) to prevent DYLD_INSERT_LIBRARIES injection while maintaining full application functionality. This vulnerability is fixed in 1.0.216.
- Source
- security-advisories@github.com
- NVD status
- Awaiting Analysis
CVSS 4.0
- Type
- Secondary
- Base score
- 8.6
- Impact score
- -
- Exploitability score
- -
- Vector string
- CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
- Severity
- HIGH
- security-advisories@github.com
- CWE-276
CVE-2024-55950: Tabby Terminal Emulator Vulnerability Exposes macOS Users to Privacy and Security Risks https://t.co/KFYd8o9N2q
@cyberwebeyeos
30 Dec 2024
CVE-2024-55950: Tabby Terminal Emulator Vulnerability Exposes macOS Users to Privacy and Security Risks Discover the high-severity vulnerability CVE-2024-55950 in #Tabby, a widely used terminal emulator for #Windows, #macOS, and #Linux https://t.co/Z4wBiIsxQ1
@the_yellow_fall
30 Dec 2024
I'm excited to share that before the end of 2024, I successfully obtained two new CVEs, both related to vulnerabilities in macOS applications. CVE-2024-55950: This vulnerability affects Tabby, a widely popular application with a dominant user base. Attackers can bypass TCC due…
@senzee1984
27 Dec 2024
CVE-2024-55950 Tabby (formerly Terminus) is a highly configurable terminal emulator. Prior to 1.0.216, Tabby terminal emulator contains overly permissive entitlements that are unnecessary for its core functionalit... https://t.co/v8YycFLlKm
@VulmonFeeds
26 Dec 2024
CVE-2024-55950 Tabby (formerly Terminus) is a highly configurable terminal emulator. Prior to 1.0.216, Tabby terminal emulator contains overly permissive entitlements that are unnec… https://t.co/q0AIx214o0
@CVEnew
26 Dec 2024
[CVE-2024-55950: HIGH] Tabby terminal emulator fixed security vulnerabilities in version 1.0.216 by removing dangerous entitlement permissions that could have led to potential cyber threats. #cybersecurity, #vulnerability https://t.co/APfOOhcSjz https://t.co/RgElEVO07x
@CveFindCom
26 Dec 2024