| Название | https://github.com/X1a0He Adobe-Downloader <= 1.3.1 Local Privilege Escalation |
|---|
| Описание | The Adobe-Downloader application is vulnerable to a local privilege escalation due to insecure implementation of its XPC service. The application registers a Mach service under the name com.x1a0he.macOS.Adobe-Downloader.helper. The associated binary, com.x1a0he.macOS.Adobe-Downloader.helper, is a privileged helper tool designed to execute actions requiring elevated privileges on behalf of the client.
The root cause of this vulnerability lies in the shouldAcceptNewConnection method, which unconditionally returns YES (or true), allowing any XPC client to connect to the service without any form of verification. Consequently, unauthorized clients can establish a connection to the Mach service and invoke methods exposed by the HelperToolProtocol interface.
Among the available methods, the executeCommand method is particularly dangerous. It allows the execution of arbitrary shell commands with root privileges, effectively granting attackers full control over the system. |
|---|
| Источник | ⚠️ https://winslow1984.com/books/cve-collection/page/adobe-downloader-131-local-privilege-escalation |
|---|
| Пользователь | winslow1984 (UID 79140) |
|---|
| Представление | 16.12.2024 18:59 (1 Год назад) |
|---|
| Модерация | 19.12.2024 09:21 (3 days later) |
|---|
| Статус | принято |
|---|
| Запись VulDB | 288966 [X1a0He Adobe Downloader до 1.3.1 на macOS XPC Service com.x1a0he.macOS.Adobe-Downloader.helper shouldAcceptNewConnection эскалация привилегий] |
|---|
| Баллы | 20 |
|---|