Last active
September 21, 2023 16:06
-
-
Save NSEcho/5d048a0796ceef59d6b1df1659bd1057 to your computer and use it in GitHub Desktop.
CVE-2023-41902 - MacUpdater before 3.1.2 and 2.3.8 - Local Privilege Escalation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
[Description] | |
An XPC misconfiguration vulnerability in CoreCode MacUpdater before | |
2.3.8, and 3.x before 3.1.2, allows attackers to escalate privileges by abusing XPC misconfiguration along with crafting malicious .pkg files | |
[VulnerabilityType Other] | |
CWE-269 | |
[Vendor of Product] | |
CoreCode | |
[Affected Product Code Base] | |
MacUpdater - before 3.1.2 and 2.3.8 | |
[Affected Component] | |
PrivilegedHelpertool | |
[Attack Type] | |
Local | |
[Impact] | |
Escalation of Privileges | |
[Attack Vectors] | |
To exploit the vulnerability, an attacker needs to craft a C file which will communicate with the vulnerable PrivilegedHelperTool along with the malicious .pkg file which will be installed. | |
[Reference] | |
https://www.corecode.io/macupdater/history3.html | |
https://www.corecode.io/macupdater/history2.html | |
[Discoverer] | |
Erhad Husovic |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment