PSIRT Advisories

FortiClient (MacOS) - Dylib injection Vulnerability observed in FortiClientMacOS


An improper control of generation of code vulnerability [CWE-94] in FortiClient for MacOS may allow an authenticated attacker to hijack the MacOS camera by replacing the FortiClient camera-handling library with a malicious one.

Affected Products

FortiClientMac version 7.0.0 and below.
FortiClientMac version 6.4.5 and below.


Please upgrade to FortiClientMac version 7.0.1 or above.

Please upgrade to FortiClientMac version 6.4.6 or above.
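To triage a fleet against the version ranges above, the following added example (not part of the Fortinet advisory) classifies installed FortiClientMac versions and names the minimum fixed release. The `host,version` inventory format, the host names and the sample versions are constructed, and treating branches older than 6.4 as covered by "and below" is an assumption.

```python
import re

FIXED_64 = (6, 4, 6)   # advisory: upgrade to 6.4.6 or above
FIXED_70 = (7, 0, 1)   # advisory: upgrade to 7.0.1 or above

def parse_version(text):
    """Parse '7.0.0' or '7.0.0.0022' (optional build number) into a 3-tuple."""
    m = re.fullmatch(r"v?(\d+)\.(\d+)\.(\d+)(?:\.\d+)?", text.strip())
    if m is None:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(part) for part in m.groups())

def assess(version_text):
    """Return (status, minimum fixed release or None) for one installed version."""
    try:
        ver = parse_version(version_text)
    except ValueError:
        return ("unknown", None)   # flag for manual review, never assume safe
    if ver >= FIXED_70:
        return ("fixed", None)
    if ver[:2] == (6, 4) and ver >= FIXED_64:
        return ("fixed", None)
    # Assumption: "and below" also covers branches older than 6.4.
    target = FIXED_64 if ver < FIXED_64 else FIXED_70
    return ("affected", ".".join(str(n) for n in target))

# Constructed inventory export: one "host,version" pair per line.
SAMPLE_INVENTORY = """\
mac-001,7.0.0.0022
mac-002,6.4.6
mac-003,6.4.5
mac-004,7.0.1
mac-005,6.2.9
mac-006,not-installed
"""

def triage(inventory_text):
    """Map each host in the inventory to its assessment."""
    report = {}
    for line in inventory_text.splitlines():
        if not line.strip():
            continue
        host, _, version = line.partition(",")
        report[host.strip()] = assess(version)
    return report

if __name__ == "__main__":
    for host, (status, target) in triage(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}" + (f", upgrade to {target} or above" if target else ""))
```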


Fortinet is pleased to thank Tyler Price for reporting this vulnerability under responsible disclosure.