CVE-2024-13187: 
Kingsoft WPS Office vulnerability analysis and mitigation

A critical vulnerability has been identified in Kingsoft WPS Office 6.14.0 on macOS. The vulnerability affects the TCC Handler component and involves code injection capabilities. The issue was disclosed in January 2025 and has been assigned CVE-2024-13187 (NVD).

The vulnerability stems from the absence of the Hardened Runtime signing option in the WPS Office macOS application, which is a security mechanism designed to prevent code injection attacks. Without this protection, attackers can perform DYLDINSERTLIBRARY injection and dylib hijacking. The vulnerability has been assigned a CVSS v4.0 score of 4.8 (Medium) and CVSS v3.1 score of 5.3 (Medium) (VulDB).

The vulnerability allows attackers to bypass the TCC (Transparency, Consent and Control) mechanism by loading malicious dylib into the WPS process. This enables unauthorized access to sensitive components such as cameras, microphones, and user directories (Documents, Downloads, Library, etc.) that WPS has been granted permission to access. The injected code runs with the same permissions as WPS, potentially leading to privacy violations and unauthorized data access (GitHub).

The primary solution is to enable the Hardened Runtime option in the application's code signing configuration. This simple configuration change can significantly reduce the risk of code injection and improve the overall security of the application (GitHub).