安全ID : QSA-24-51
Vulnerability in QVPN Device Client, Qsync Client, and Qfinder Pro for Mac
发布日期 : March 8, 2025
通用漏洞披露 : CVE-2024-53694
受影响产品: QVPN Device Client for Mac 2.2.x, Qsync Client for Mac 5.1.x, Qfinder Pro for Mac 7.11.x
严重程度
Moderate
状态
已解决
Summary
A time-of-check time-of-use (TOCTOU) race condition vulnerability has been reported to affect several utility versions. If exploited, the vulnerability could allow local attackers who have gained user access to also gain access to otherwise unauthorized resources.
We have already fixed the vulnerability in the following versions:
| Affected Product | Fixed Version |
| QVPN Device Client for Mac 2.2.x | QVPN Device Client for Mac 2.2.5 and later |
| Qsync Client for Mac 5.1.x | Qsync Client for Mac 5.1.3 and later |
| Qfinder Pro for Mac 7.11.x | Qfinder Pro for Mac 7.11.1 and later |
Recommendation
To secure your device, we recommend regularly updating your QNAP utilities to the latest versions to benefit from vulnerability fixes. You can check the QNAP Utilities page to see the latest updates available to your device operating system.
附件
致谢: Mykola Grymalyuk
修订历史:
V1.0 (March 8, 2025) - Published
