| |
Vulnerability CVE-2022-3421
Published: 2022-10-17
| Description: |
An attacker can pre-create the `/Applications/Google\ Drive.app/Contents/MacOS` directory which is expected to be owned by root to be owned by a non-root user. When the Drive for Desktop installer is run for the first time, it will place a binary in that directory with execute permissions and set its setuid bit. Since the attacker owns the directory, the attacker can replace the binary with a symlink, causing the installer to set the setuid bit on the symlink. When the symlink is executed, it will run with root permissions. We recommend upgrading past version 64.0 |
References: |
https://support.google.com/a/answer/7577057?hl=en
|
|
|
Copyright 2026, cxsecurity.com
|
|
|
