| 标题 | alaneuler batteryKid v2.1 Missing Authentication for Critical Function |
|---|
| 描述 | batteryKid for macOS up to 2,1 registers a root-privileged XPC helper (me.alaneuler.batteryKid.PrivilegeHelper) that unconditionally accepts incoming connections without client validation. The helper exposes methods to read and write System Management Controller (SMC) keys, allowing any local process to invoke privileged hardware operations. |
|---|
| 来源 | ⚠️ https://github.com/SwayZGl1tZyyy/n-days/blob/main/batteryKid/README.md |
|---|
| 用户 | SwayZGl1tZyyy (UID 88771) |
|---|
| 提交 | 2025-08-25 20時03分 (8 月前) |
|---|
| 管理 | 2025-09-01 23時06分 (7 days later) |
|---|
| 状态 | 已接受 |
|---|
| VulDB条目 | 322142 [alaneuler batteryKid 直到 2.1 于 macOS NSXPCListener PrivilegeHelper.swift 弱身份验证] |
|---|
| 积分 | 18 |
|---|