CVE-2026-24067 is a HIGH-severity vulnerability (CVSS Score: 8.4) affecting Slate Digital Connect 1.37.0 for macOS. The vulnerability arises from a time-of-check time-of-use (TOCTOU) race condition in the privileged helper tool, com.slatedigital.connect.privileged.helper.tool. This tool exposes an XPC service that validates connecting clients based on their process identifier (PID). However, due to PID re [truncated]
CVE-2026-24066 is a HIGH-severity vulnerability in Slate Digital Connect 1.37.0 for macOS. The vulnerability is caused by a privileged helper tool, com.slatedigital.connect.privileged.helper.tool, which exposes an XPC service that can be accessed by a local attacker using a self-signed certificate with a specific organizational unit value. This allows unauthorized access to privileged helper functionality [truncated]
