Key Findings GoSign Desktop, a widely used electronic signature solution, contains critical vulnerabilities that can lead to remote code execution and privilege escalation. The platform disables TLS certificate validation when configured to use a proxy server, exposing users to man-in-the-middle attacks. The update mechanism relies on an unsigned manifest, allowing an attacker to deliver malicious updates and fully compromise the machine. Sensitive data, such as OAuth secrets
