DTEX Forwarder Privilege Escalation Vulnerability via Unvalidated XPC Connections
Vulnerability
A privilege escalation vulnerability has been identified in DTEX DEC-M (DTEX Forwarder) version 6.1.1. The issue arises in the com.dtexsystems.helper service, which manages privileged operations for the macOS DTEX Event Forwarder agent. This service fails to perform essential client validation during XPC interprocess communication, allowing unauthorized clients to exploit the service's methods. Malicious actors can escalate privileges to root by abusing the DTConnectionHelperProtocol's submitQuery method over an unapproved XPC connection.
Impact
Exploitation of this vulnerability allows for local privilege escalation on macOS, with unauthorized clients gaining root access through the abused XPC connection.
Reproduction
The vulnerability can be reproduced by establishing an unauthorized XPC connection to the com.dtexsystems.helper service. Since the service does not validate the client's code requirements, entitlements, security flags, or version, a malicious client can exploit this lack of validation. Once the connection is established, the DTConnectionHelperProtocol's submitQuery method can be used to escalate privileges to root.
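The missing checks listed above are exactly what a code signing requirement pinned on the connection supplies. The following hardened NSXPCListenerDelegate is an added example written for this page, not DTEX code; the bundle identifier, Team ID, entitlement key and protocol name are placeholders, and it assumes macOS 13 or later for -[NSXPCConnection setCodeSigningRequirement:].

```objective-c
// Example hardened XPC helper listener (illustrative, not DTEX's implementation).
// Assumes macOS 13+; placeholder identities must be replaced with real values.
#import <Foundation/Foundation.h>

// Code signing requirement every client must satisfy before any method runs.
// Each clause covers one of the checks the vulnerable helper omitted:
//   identifier      -> only the expected client binary
//   certificate OU  -> signed by the expected developer Team ID
//   entitlement     -> client carries the entitlement the helper expects
//   info version    -> client is at least the minimum supported version
static NSString *const kClientRequirement =
    @"anchor apple generic"
    @" and identifier \"com.example.agent\""                  // placeholder bundle id
    @" and certificate leaf[subject.OU] = \"TEAMID0000\""     // placeholder Team ID
    @" and entitlement[\"com.example.helper-client\"] = true" // placeholder entitlement
    @" and info[CFBundleShortVersionString] >= \"6.1.1\"";    // minimum client version

@protocol ExampleHelperProtocol <NSObject>                    // placeholder protocol
- (void)submitQuery:(NSString *)query withReply:(void (^)(NSString *result))reply;
@end

@interface HelperListenerDelegate : NSObject <NSXPCListenerDelegate>
@property (nonatomic, strong) id<ExampleHelperProtocol> exportedObject;
@end

@implementation HelperListenerDelegate

- (BOOL)listener:(NSXPCListener *)listener
        shouldAcceptNewConnection:(NSXPCConnection *)newConnection {
    // XPC verifies the peer's code signature against the requirement using
    // the connection's audit token, so the identity cannot be swapped via PID
    // reuse after the check. Messages from a non-matching peer are rejected
    // and the connection is invalidated before any exported method is invoked.
    // A malformed requirement string raises an exception; fail closed on it.
    @try {
        [newConnection setCodeSigningRequirement:kClientRequirement];
    } @catch (NSException *exception) {
        NSLog(@"refusing connection, bad requirement: %@", exception.reason);
        return NO;
    }

    newConnection.exportedInterface =
        [NSXPCInterface interfaceWithProtocol:@protocol(ExampleHelperProtocol)];
    newConnection.exportedObject = self.exportedObject;
    [newConnection resume];
    return YES;
}

@end
```

Pinning the requirement on the connection is preferable to checking the client once at accept time, because each incoming message is then evaluated against the same signed identity.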