| Titel | https://github.com/X1a0He Adobe-Downloader <= 1.3.1 Local Privilege Escalation |
|---|
| Beschreibung | The Adobe-Downloader application is vulnerable to a local privilege escalation due to insecure implementation of its XPC service. The application registers a Mach service under the name com.x1a0he.macOS.Adobe-Downloader.helper. The associated binary, com.x1a0he.macOS.Adobe-Downloader.helper, is a privileged helper tool designed to execute actions requiring elevated privileges on behalf of the client.
The root cause of this vulnerability lies in the shouldAcceptNewConnection method, which unconditionally returns YES (or true), allowing any XPC client to connect to the service without any form of verification. Consequently, unauthorized clients can establish a connection to the Mach service and invoke methods exposed by the HelperToolProtocol interface.
Among the available methods, the executeCommand method is particularly dangerous. It allows the execution of arbitrary shell commands with root privileges, effectively granting attackers full control over the system. |
|---|
| Quelle | ⚠️ https://winslow1984.com/books/cve-collection/page/adobe-downloader-131-local-privilege-escalation |
|---|
| Benutzer | winslow1984 (UID 79140) |
|---|
| Einreichung | 16.12.2024 18:59 (vor 1 Jahr) |
|---|
| Moderieren | 19.12.2024 09:21 (3 days later) |
|---|
| Status | Akzeptiert |
|---|
| VulDB Eintrag | 288966 [X1a0He Adobe Downloader bis 1.3.1 auf macOS XPC Service com.x1a0he.macOS.Adobe-Downloader.helper shouldAcceptNewConnection erweiterte Rechte] |
|---|
| Punkte | 20 |
|---|