| Title | AppHouseKitchen AlDente - Charge Limiter < 1.30 Privilege Escalation |
|---|
| Description | AppHouseKitchen AlDente-Charge Limiter <1.30 is vulnerable to unauthorized privileged hardware operations due to its insecure XPC client validation. The XPC server does not verify whether the client is valid, an attacker can communicate with the XPC server and instruct it to perform privileged hardware operation, such as reading and modifying hardware settings, by calling exposed methods of the helper protocol. In certain situations, physical damage and danger are possible, such as overheat, instability. |
|---|
| Source | ⚠️ https://winslow1984.com/books/cve-collection/page/aldente-charge-limiter-130-unauthorized-privileged-hardware-operations |
|---|
| User | winslow1984 (UID 79140) |
|---|
| Submission | 01/31/2025 06:29 (1 Year ago) |
|---|
| Moderation | 02/06/2025 12:58 (6 days later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 294844 [AppHouseKitchen AlDente Charge Limiter up to 1.29 on macOS XPC Service com.apphousekitchen.aldente-pro.helper shouldAcceptNewConnection improper authorization] |
|---|
| Points | 20 |
|---|