QwikSec

Security Database

CVE

CWE

Training

CVE-2018-6336

Published: Dec 31, 2018

Modified: May 6, 2025

PUBLISHED

Description

An issue was discovered in osquery. A maliciously crafted Universal/fat binary can evade third-party code signing checks. By not completing full inspection of the Universal/fat binary, the user of the third-party tool will believe that the code is signed by Apple, but the malicious unsigned code will execute. This issue affects osquery prior to v3.2.7

Vendor	Product	Versions
Facebook	osquery	affected `3.2.7` affected `unspecified - < 3.2.7`

Weaknesses (CWE)

References

https://www.okta.com/security-blog/2018/06/issues-around-third-party-apple-code-signing-checks/

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.