VMware Security Announcement VMSA-2020-0028
New VMware Security announcement released today. VMSA-2020-0028. This one for VMware Carbon Black Cloud macOS Sensor installer, the updates address file overwrite issue (CVE-2020-4008)
Impacted Products
VMware Carbon Black Cloud macOS Sensor
Introduction
A file overwrite issue affecting the installation of the Carbon Black Cloud Sensor for macOS, was privately reported to VMware. The issue has been addressed in the latest version of the installer.
VMware Carbon Black Cloud macOS Sensor installer file overwrite issue (CVE-2020-4008)
Description
The installer of the macOS Sensor for VMware Carbon Black Cloud handles certain files in an insecure way. VMware has evaluated the severity of this issue to be in the Low severity range with a CVSSv3 base score of 3.6.
Known Attack Vectors
A malicious actor who has local access to the endpoint on which a macOS sensor is going to be installed, may overwrite a limited number of files with output from the sensor installation. The malicious actor would have to trick a victim to install malware in order to obtain such access. Exploitation of this issue can only occur at a specific point of time during the installation process and depends on specific conditions.
Resolution
For Carbon Black Cloud macOS Sensor version 3.4.3 apply patch to version 3.5.1. Download links below.
References
Fixed Version(s) and Release Notes:
https://community.carbonblack.com/t5/Carbon-Black-Cloud-macOS-Sensor/tkb-p/release_notes_macos
Link to official VMware release
Thanks for reading!