| Название | AppHouseKitchen AlDente - Charge Limiter < 1.30 Privilege Escalation |
|---|
| Описание | AppHouseKitchen AlDente-Charge Limiter <1.30 is vulnerable to unauthorized privileged hardware operations due to its insecure XPC client validation. The XPC server does not verify whether the client is valid, an attacker can communicate with the XPC server and instruct it to perform privileged hardware operation, such as reading and modifying hardware settings, by calling exposed methods of the helper protocol. In certain situations, physical damage and danger are possible, such as overheat, instability. |
|---|
| Источник | ⚠️ https://winslow1984.com/books/cve-collection/page/aldente-charge-limiter-130-unauthorized-privileged-hardware-operations |
|---|
| Пользователь | winslow1984 (UID 79140) |
|---|
| Представление | 31.01.2025 06:29 (1 Год назад) |
|---|
| Модерация | 06.02.2025 12:58 (6 days later) |
|---|
| Статус | принято |
|---|
| Запись VulDB | 294844 [AppHouseKitchen AlDente Charge Limiter до 1.29 на macOS XPC Service com.apphousekitchen.aldente-pro.helper shouldAcceptNewConnection эскалация привилегий] |
|---|
| Баллы | 20 |
|---|