| 제목 | mihomo-party-org mihomo-party 1.8.1 Local privilege abuse via unprotected UNIX socket in Mihomo Part |
|---|
| 설명 | Mihomo Party for macOS before version 1.8.1 exposes a root-owned UNIX socket (`/tmp/mihomo-party-helper.sock`) with world-readable and writable permissions. This socket accepts unauthenticated HTTP requests for setting system-wide proxy configurations. A local attacker can connect to this socket and configure the system to route all traffic through an attacker-controlled server, leading to potential man-in-the-middle (MiTM) attacks and data exfiltration.
|
|---|
| 원천 | ⚠️ https://github.com/SwayZGl1tZyyy/zero-days/blob/main/mihomo-party/README.md |
|---|
| 사용자 | SwayZGl1tZyyy (UID 88771) |
|---|
| 제출 | 2025. 08. 14. PM 03:23 (8 개월 ago) |
|---|
| 모더레이션 | 2025. 08. 25. PM 05:08 (11 days later) |
|---|
| 상태 | 수락 |
|---|
| VulDB 항목 | 321343 [Mihomo Party 까지 1.8.1 켜짐 macOS Socket src/main/sys/sysproxy.ts enableSysProxy Local Privilege Escalation] |
|---|
| 포인트들 | 20 |
|---|