iFunbox Unquoted Service Path Vulnerability in Apple Mobile Device Service Allowing Privilege Escalation
Vulnerability
iFunbox version 4.2 contains an unquoted service path vulnerability in the Apple Mobile Device Service. When a service's executable path contains spaces and is not enclosed in quotation marks, Windows resolves the path ambiguously at service start. This flaw lets local attackers execute code with elevated privileges: a malicious executable inserted into the unquoted service path runs with LocalSystem rights when the service is restarted.
Impact
Exploitation of this vulnerability allows for unauthorized code execution with elevated privileges, potentially leading to a full system compromise.
Reproduction
The vulnerability can be reproduced by inserting an executable file into the unquoted service path of the Apple Mobile Device Service. This can be done undetected by the operating system or any security applications. Once the executable is in place, restarting the service or the system will execute the inserted file with elevated privileges.
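An added example, not from the original advisory or from iFunbox: a read-only PowerShell audit that lists services whose image path is unquoted and contains spaces, reports any file already present at an ambiguous prefix of that path, and prints the quoted value that removes the ambiguity. The function names and the sample service record are hypothetical; the iFunbox install path is not given on this page and is not assumed.

```powershell
# Added example: read-only audit for unquoted service paths. It changes nothing.
function Get-UnquotedServiceExe {
    param([string]$PathName)
    $p = "$PathName".Trim()
    if ($p.StartsWith('"')) { return $null }             # quoted: unambiguous
    # Separate the path to the .exe from any trailing arguments.
    if ($p -match '^(?<exe>.+?\.exe)(?<rest>\s.*)?$' -and $Matches['exe'].Contains(' ')) {
        return [pscustomobject]@{ Exe = $Matches['exe']; Rest = "$($Matches['rest'])" }
    }
    return $null                                         # no space: nothing to misparse
}

function Get-AmbiguousPrefix {
    param([string]$Exe)
    # At each space, Windows may treat the text so far as the program name.
    $parts = $Exe -split ' '
    for ($i = 1; $i -lt $parts.Count; $i++) {
        ($parts[0..($i - 1)] -join ' ') + '.exe'
    }
}

function Get-UnquotedServicePathFinding {
    param([object[]]$Service)
    foreach ($s in $Service) {
        $hit = Get-UnquotedServiceExe $s.PathName
        if (-not $hit) { continue }
        $prefixes = @(Get-AmbiguousPrefix $hit.Exe)
        [pscustomobject]@{
            Name         = $s.Name
            RunsAs       = $s.StartName
            PathName     = $s.PathName
            # A file already present at one of these locations needs investigating.
            FilesPresent = @($prefixes | Where-Object { Test-Path -LiteralPath $_ -PathType Leaf })
            # The same command line with the executable path quoted.
            QuotedValue  = '"' + $hit.Exe + '"' + $hit.Rest
        }
    }
}

# Constructed sample record (hypothetical name and path), then the live services.
$sample = [pscustomobject]@{ Name = 'ExampleSvc'; StartName = 'LocalSystem'
    PathName = 'C:\Program Files\Example Vendor\Example Service\svc.exe -run' }
Get-UnquotedServicePathFinding -Service $sample | Format-List
Get-UnquotedServicePathFinding -Service (Get-CimInstance Win32_Service) | Format-List
```

The service command line is stored in the ImagePath value under HKLM\SYSTEM\CurrentControlSet\Services\<service name>; replacing it with QuotedValue from an elevated session removes the ambiguity.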
