CVE-2024-8272
CVSS V2 None
CVSS V3 None
Description
The com.uaudio.bsd.helper service, responsible for handling privileged operations, fails to implement critical client validation during XPC inter-process communication (IPC). Specifically, the service does not verify the code requirements, entitlements, or security flags of any client attempting to establish a connection. This lack of proper validation allows unauthorized clients to exploit the service's methods and escalate privileges to root.
Overview
- CVE ID
- CVE-2024-8272
- Assigner
- Pentraze
- Vulnerability Status
- PUBLISHED
- Published Version
- 2024-11-25T17:52:14.805Z
- Last Modified Date
- 2024-11-25T18:42:00.202Z
Weakness Enumerations
References
Reference URL | Reference Tags |
---|---|
https://pentraze.com/vulnerability-reports |
Sources
Source Name | Source URL |
---|---|
NIST | https://nvd.nist.gov/vuln/detail/CVE-2024-8272 |
MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-8272 |
History
Created | Old Value | New Value | Data Type | Notes |
---|---|---|---|---|
2024-11-26 13:06:41 | Added to TrackCVE |