CVE-2023-6288

7.8 HIGH

📋 TL;DR

This vulnerability allows attackers to inject malicious code into Remote Desktop Manager on macOS by manipulating the DYLIB_INSERT_LIBRARIES environment variable. Successful exploitation enables arbitrary code execution with the privileges of the Remote Desktop Manager process. Users running affected versions of Remote Desktop Manager 2023.3.9.3 and earlier on macOS are vulnerable.

💻 Affected Systems

Products:
  • Remote Desktop Manager
Versions: 2023.3.9.3 and earlier
Operating Systems: macOS
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects macOS, because DYLIB_INSERT_LIBRARIES refers to the library-injection environment variable of the macOS dynamic linker (dyld reads it under the name DYLD_INSERT_LIBRARIES).

⚠️ Risk & Real-World Impact

🔴 Worst Case

Full system compromise via remote code execution, allowing attackers to install malware, steal credentials, pivot to other systems, and maintain persistent access.

🟠 Likely Case

Local privilege escalation leading to unauthorized access to managed remote systems and credentials stored in Remote Desktop Manager.

🟢 If Mitigated

Limited impact with proper application sandboxing, least privilege principles, and network segmentation preventing lateral movement.

🌐 Internet-Facing: LOW
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires local access or ability to manipulate environment variables through other attack vectors. The vulnerability leverages macOS's dynamic library loading mechanism.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 2023.3.10.0 and later

Vendor Advisory: https://devolutions.net/security/advisories/DEVO-2023-0021/

Restart Required: Yes

Instructions:

1. Download latest version from Devolutions website
2. Install the update
3. Restart Remote Desktop Manager
4. Verify version is 2023.3.10.0 or higher

🔧 Temporary Workarounds

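Restrict DYLIB_INSERT_LIBRARIES

Prevent dynamic library injection by clearing the injection variable from the environment that launches Remote Desktop Manager. dyld reads the variable as DYLD_INSERT_LIBRARIES, so that is the name to clear. This only covers launches from that shell; it does not stop a user or process that sets the variable in its own launch environment.

unset DYLD_INSERT_LIBRARIES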

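Application Sandboxing

Run Remote Desktop Manager with reduced privileges using macOS sandboxing. The no-network profile used here blocks all network access, so remote sessions will not connect while it is applied.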

sandbox-exec -n no-network /Applications/Remote\ Desktop\ Manager.app/Contents/MacOS/Remote\ Desktop\ Manager

🧯 If You Can't Patch

  • Remove or restrict execution permissions for Remote Desktop Manager from untrusted users
  • Implement strict access controls and monitor for unusual process behavior or library loading

🔍 How to Verify

Check if Vulnerable:

Check Remote Desktop Manager version in About dialog or run: /Applications/Remote\ Desktop\ Manager.app/Contents/MacOS/Remote\ Desktop\ Manager --version

Check Version:

/Applications/Remote\ Desktop\ Manager.app/Contents/MacOS/Remote\ Desktop\ Manager --version

Verify Fix Applied:

Confirm version is 2023.3.10.0 or higher and test that DYLIB_INSERT_LIBRARIES manipulation no longer allows code injection
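
The version check above, as an added shell example (not part of the vendor advisory or the original page): it compares the four-part version field by field, because a plain string comparison would rank 2023.3.9.3 above 2023.3.10.0. It assumes the bundle's CFBundleShortVersionString holds that four-part version; the function names are illustrative.

```shell
#!/bin/sh
# Added example: classify a Remote Desktop Manager version against the fixed release.
FIXED="2023.3.10.0"                              # first fixed version, per this page
APP="/Applications/Remote Desktop Manager.app"   # install path used on this page

# version_lt A B: succeed when dotted version A is numerically lower than B.
# Fields are compared as integers; missing trailing fields count as 0.
version_lt() {
    a=$1
    b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}
        y=${b%%.*}
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
        x=${x:-0}
        y=${y:-0}
        if [ "$x" -lt "$y" ]; then return 0; fi
        if [ "$x" -gt "$y" ]; then return 1; fi
    done
    return 1   # versions are equal
}

# rdm_status VERSION: print vulnerable, patched, or unknown (unparseable input).
rdm_status() {
    case $1 in
        ''|*[!0-9.]*) echo unknown; return 0 ;;
    esac
    if version_lt "$1" "$FIXED"; then echo vulnerable; else echo patched; fi
}

# installed_version: read the version from the app bundle (assumption: the
# four-part version is stored in CFBundleShortVersionString).
installed_version() {
    plist="$APP/Contents/Info.plist"
    [ -f "$plist" ] || return 1
    /usr/libexec/PlistBuddy -c 'Print :CFBundleShortVersionString' "$plist" 2>/dev/null
}

# Report only when the application is present on this host.
if v=$(installed_version); then
    echo "Remote Desktop Manager $v: $(rdm_status "$v")"
fi
```
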

📡 Detection & Monitoring

Log Indicators:

  • Unusual library loading in macOS system logs
  • Process execution from unexpected locations by Remote Desktop Manager

Network Indicators:

  • Unexpected outbound connections from Remote Desktop Manager process

SIEM Query:

process_name:"Remote Desktop Manager" AND (event_type:"library_load" OR parent_process:unusual)
