Anaconda3
cpe:2.3:a:anaconda:anaconda3:*:*:*:*:*:*:*
- < 2024.06-1
A local privilege escalation vulnerability has been identified in Anaconda3 macOS installers prior to version 2024.06-1. When installed outside the user's home directory, these installers create world-writable files that are executed with root privileges. This behavior allows a low-privileged user to inject arbitrary commands, potentially leading to unauthorized code execution as the root user.
Exploitation of this vulnerability allows for local privilege escalation, enabling a low-privileged user to execute commands with root privileges.
The vulnerability can be reproduced by installing Anaconda3 version 2024.02-1 or earlier on macOS, outside the user's home directory. During the installation, the package creates world-writable files that can be modified by low-privileged users. Once the injected commands are executed, they run with elevated permissions, achieving privilege escalation.
Users can upgrade to Anaconda3 version 2024.06-1 or later, where this vulnerability has been addressed by removing the `user_post_install.pkg` package.
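An added example (not from the advisory or from Anaconda) for auditing an existing install: it lists regular files under an install prefix that any local user could modify or replace, which is the condition described above. The prefix is supplied by the operator, the function names are illustrative, and counting files that sit in world-writable directories without the sticky bit is an assumption that goes beyond the advisory's wording.

```python
import os
import stat
import sys
from pathlib import Path


def is_outside_home(prefix, home=None):
    """True when the install prefix is not under the user's home directory."""
    home = Path(home or Path.home()).resolve()
    prefix = Path(prefix).resolve()
    return prefix != home and home not in prefix.parents


def world_writable_files(prefix):
    """Return sorted paths of regular files under prefix that any local user can change.

    A file is reported when its own mode has the other-write bit set, or when
    its directory is other-writable without the sticky bit, since the file can
    then be deleted and replaced. Symlinks are not followed.
    """
    findings = []
    for root, _dirs, files in os.walk(prefix, followlinks=False):
        dir_mode = os.lstat(root).st_mode
        dir_open = bool(dir_mode & stat.S_IWOTH) and not dir_mode & stat.S_ISVTX
        for name in files:
            path = os.path.join(root, name)
            mode = os.lstat(path).st_mode
            if not stat.S_ISREG(mode):
                continue  # skip symlinks, sockets, devices
            if mode & stat.S_IWOTH or dir_open:
                findings.append(path)
    return sorted(findings)


if __name__ == "__main__":
    # Usage: python audit_prefix.py <install-prefix>
    prefix = sys.argv[1]
    if not is_outside_home(prefix):
        print("prefix is inside the home directory; advisory condition not met")
    for path in world_writable_files(prefix):
        print("world-writable:", path)
```

Any path it reports under a system-wide install should be reviewed for ownership and mode before the next privileged run of the installer or its scripts.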