Skip to content
/ CVE-2021-40531 Public

Quarantine bypass and RCE vulnerability in Sketch (proof-of-concept)

jonpalmisc.com/2021/11/22/cve-2021-40531
12 stars 3 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

jonpalmisc/CVE-2021-40531

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

1 Commit

README.md

README.md

 
 

feed.rss

feed.rss

 
 

index.html

index.html

 
 

payload.terminal

payload.terminal

 
 

Repository files navigation

CVE-2021-40531

Exploit Demo

This proof-of-concept in action.

Sketch is a popular UI/UX design app for macOS. This post covers a vulnerability in Sketch that I discovered back in July, CVE-2021-40531. In its simplest form, it is a macOS quarantine bypass, but in context it can be used for remote code execution.

For more details, see my blog post for a complete writeup.

Notes

If you are testing this proof-of-concept locally, be aware that feed.rss expects your web server to be running on port 8080.

About

Quarantine bypass and RCE vulnerability in Sketch (proof-of-concept)

jonpalmisc.com/2021/11/22/cve-2021-40531

Topics

macos sketch cve

Resources

Readme
Activity

Stars

12 stars

Watchers

4 watching

Forks

3 forks
Report repository

Languages