Submit #641358: alaneuler batteryKid v2.1 Missing Authentication for Critical Functioninfo

Titelalaneuler batteryKid v2.1 Missing Authentication for Critical Function
BeschreibungbatteryKid for macOS up to 2,1 registers a root-privileged XPC helper (me.alaneuler.batteryKid.PrivilegeHelper) that unconditionally accepts incoming connections without client validation. The helper exposes methods to read and write System Management Controller (SMC) keys, allowing any local process to invoke privileged hardware operations.
Quelle⚠️ https://github.com/SwayZGl1tZyyy/n-days/blob/main/batteryKid/README.md
Benutzer
 SwayZGl1tZyyy (UID 88771)
Einreichung25.08.2025 20:03 (vor 8 Monaten)
Moderieren01.09.2025 23:06 (7 days later)
StatusAkzeptiert
VulDB Eintrag322142 [alaneuler batteryKid bis 2.1 auf macOS NSXPCListener PrivilegeHelper.swift schwache Authentisierung]
Punkte18

ZurückÜbersichtWeiter

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!