CVE-2025-5963: The Postbox's configuration on macOS, specifically the presence of entitlements: "com.apple.security.cs.allow-dyld-envir

A vulnerability in Postbox on macOS (CVE-2025-5963) allows local attackers to inject malicious code through environment variables like DYLD_INSERT_LIBRARIES, exploiting security settings that disable library validation. The injected code can bypass TCC (Transparency, Consent, and Control, which is macOS's permission system) but is limited to access that the user has already granted to the application. Since Postbox is no longer maintained and the acquiring company did not cooperate with security researchers, no patch or update is available.