| タイトル | https://github.com/X1a0He Adobe-Downloader <= 1.3.1 Local Privilege Escalation |
|---|
| 説明 | The Adobe-Downloader application is vulnerable to a local privilege escalation due to insecure implementation of its XPC service. The application registers a Mach service under the name com.x1a0he.macOS.Adobe-Downloader.helper. The associated binary, com.x1a0he.macOS.Adobe-Downloader.helper, is a privileged helper tool designed to execute actions requiring elevated privileges on behalf of the client.
The root cause of this vulnerability lies in the shouldAcceptNewConnection method, which unconditionally returns YES (or true), allowing any XPC client to connect to the service without any form of verification. Consequently, unauthorized clients can establish a connection to the Mach service and invoke methods exposed by the HelperToolProtocol interface.
Among the available methods, the executeCommand method is particularly dangerous. It allows the execution of arbitrary shell commands with root privileges, effectively granting attackers full control over the system. |
|---|
| ソース | ⚠️ https://winslow1984.com/books/cve-collection/page/adobe-downloader-131-local-privilege-escalation |
|---|
| ユーザー | winslow1984 (UID 79140) |
|---|
| 送信 | 2024年12月16日 18:59 (1 年 ago) |
|---|
| モデレーション | 2024年12月19日 09:21 (3 days later) |
|---|
| ステータス | 承諾済み |
|---|
| VulDBエントリ | 288966 [X1a0He Adobe Downloader 迄 1.3.1 上 macOS XPC Service com.x1a0he.macOS.Adobe-Downloader.helper shouldAcceptNewConnection 特権昇格] |
|---|
| ポイント | 20 |
|---|