CVE-2024-8272

CVSS V2 None CVSS V3 None
Description
The com.uaudio.bsd.helper service, responsible for handling privileged operations, fails to implement critical client validation during XPC inter-process communication (IPC). Specifically, the service does not verify the code requirements, entitlements, or security flags of any client attempting to establish a connection. This lack of proper validation allows unauthorized clients to exploit the service's methods and escalate privileges to root.
Overview
  • CVE ID
  • CVE-2024-8272
  • Assigner
  • Pentraze
  • Vulnerability Status
  • PUBLISHED
  • Published Version
  • 2024-11-25T17:52:14.805Z
  • Last Modified Date
  • 2024-11-25T18:42:00.202Z
References
Reference URL Reference Tags
https://pentraze.com/vulnerability-reports
History
Created Old Value New Value Data Type Notes
2024-11-26 13:06:41 Added to TrackCVE