| 제목 | https://github.com/X1a0He Adobe-Downloader <= 1.3.1 Local Privilege Escalation |
|---|
| 설명 | The Adobe-Downloader application is vulnerable to a local privilege escalation due to insecure implementation of its XPC service. The application registers a Mach service under the name com.x1a0he.macOS.Adobe-Downloader.helper. The associated binary, com.x1a0he.macOS.Adobe-Downloader.helper, is a privileged helper tool designed to execute actions requiring elevated privileges on behalf of the client.
The root cause of this vulnerability lies in the shouldAcceptNewConnection method, which unconditionally returns YES (or true), allowing any XPC client to connect to the service without any form of verification. Consequently, unauthorized clients can establish a connection to the Mach service and invoke methods exposed by the HelperToolProtocol interface.
Among the available methods, the executeCommand method is particularly dangerous. It allows the execution of arbitrary shell commands with root privileges, effectively granting attackers full control over the system. |
|---|
| 원천 | ⚠️ https://winslow1984.com/books/cve-collection/page/adobe-downloader-131-local-privilege-escalation |
|---|
| 사용자 | winslow1984 (UID 79140) |
|---|
| 제출 | 2024. 12. 16. PM 06:59 (1 년도 ago) |
|---|
| 모더레이션 | 2024. 12. 19. AM 09:21 (3 days later) |
|---|
| 상태 | 수락 |
|---|
| VulDB 항목 | 288966 [X1a0He Adobe Downloader 까지 1.3.1 켜짐 macOS XPC Service com.x1a0he.macOS.Adobe-Downloader.helper shouldAcceptNewConnection 권한 상승] |
|---|
| 포인트들 | 20 |
|---|