Time-to-check-time-to-use vulnerability in Keybase on macOS allows unauthorized tampering of user installs

Time-to-check-time-to-use vulnerability in Keybase on macOS allows unauthorized tampering of user installs

CVE-2019-7249 · HIGH Severity

AV:N/AC:L/AU:N/C:P/I:P/A:P

In Keybase before 2.12.6 on macOS, the move RPC to the Helper was susceptible to time-to-check-time-to-use bugs and would also allow one user of the system (who didn't have root access) to tamper with another's installs.

Learn more about our Cis Benchmark Audit For Apple Macos.