The Polish Cert warns of a vulnerability in the video cut and postprocessing software Davinci Resolve. You can abuse attackers to increase the rights in the system or to carry out dylib hijacking.
Advertisement
In one The Cert.pl discusses the security notificationthat the DAVINCI resolve app in MacOS is installed with incorrect access rights for the file, namely “RWXRWXRWX”. For security reasons, the standard practice under MacOS is “drwxr-xr-x” for access rights in the file system (CVE-2025-1413CVSS 9.2Risk “critical“). The rights are read in the unix-common notation order (R), write (w) and execute (x) for file/folder owners, group as well as others.” Incorrect access rights enable dylib hijacking. Guest account, other users and applications can abuse the weak point to expand the access rights, “write the IT security researchers in the security notification.
Davinci Resolve: Update available
According to Cert.PL, Davinci Resolve is susceptible to this vulnerability in all versions before 19.1.3. Version 19.1.3 now provides the project to close the vulnerability.
Due to the severity of the gap, Davinci-resolve users should quickly update to the updated version. After clicking on the “Free Download Now” button, she is on the DaVinci resolve website Available for various operating systems. The updated version is also about available in the Mac app store.
Davinci Resolve is also powerful in the free version and is also enjoying some popularity because of this price. For example, it is well suited for the creation of reels and short videos that are important for social media such as YouTube, Tiktok or Instagram. For this purpose, we also provide a video instruction on Heise Online, which discusses how it works.
Discover more from Apple News
Subscribe to get the latest posts sent to your email.