Share
## https://sploitus.com/exploit?id=14E30991-3889-5C66-818E-7BCDBC456342
# CVE-2024-53407
In Phiewer 4.1.0, a dylib injection leads to Command Execution whichallow attackers to inject dylib file potentially leading to remote control and unauthorized access to sensitive user data in MacOs.

# Reproduce
use the .dylib file to inject a command
```shell
DYLD_INSERT_LIBRARIES=exploit_combined.dylib /Applications/Phiewer\ \(lite\).app/Contents/MacOS/Phiewer\ \(lite\)
```

# Impact
Command Execution (Local)

# References
https://phiewer.com/

https://vulners.com/cve/CVE-2024-53407