Twitch Studio Privileged Helper Tool Privilege Escalation Vulnerability

A privilege escalation vulnerability has been identified in Twitch Studio versions through 0.114.8. The issue resides in a privileged helper tool that lacks proper authorization for an XPC service, allowing local attackers to execute arbitrary code as root. By exploiting this vulnerability, attackers can overwrite system files and privileged binaries, leading to full system compromise. Although Twitch Studio was discontinued in May 2024, the vulnerable helper tool may still be present on users' systems.

Impact

Exploitation of this vulnerability allows for unauthorized root access, enabling attackers to execute arbitrary code with elevated privileges, potentially leading to a complete system compromise.

Reproduction

The vulnerability can be reproduced by creating a binary that executes a system command to modify the sudoers file, allowing passwordless sudo access. This binary can then be uploaded to the system using the vulnerable XPC service, which is unprotected and accessible to local attackers. Once the binary is in place, launching the helper tool will execute the binary with root privileges, granting elevated access.

Remediation

Users are advised to delete the Twitch Launcher Helper binary and its associated LaunchDaemon plist file.