Vulnerabilities (CVE)

Filtered by vendor Google Subscribe
Filtered by product Drive
Total 1 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-3421 2 Apple, Google 2 Macos, Drive 2024-11-21 N/A 5.6 MEDIUM
An attacker can pre-create the `/Applications/Google\ Drive.app/Contents/MacOS` directory which is expected to be owned by root to be owned by a non-root user. When the Drive for Desktop installer is run for the first time, it will place a binary in that directory with execute permissions and set its setuid bit. Since the attacker owns the directory, the attacker can replace the binary with a symlink, causing the installer to set the setuid bit on the symlink. When the symlink is executed, it will run with root permissions. We recommend upgrading past version 64.0