Stats Application Local Privilege Escalation Vulnerability
Vulnerability
A local privilege escalation vulnerability has been identified in the Stats application for macOS. This issue arises from an insecure implementation of its XPC service, which allows unauthorized clients to connect to a privileged helper tool without proper verification. The helper tool can execute actions requiring elevated privileges, such as modifying fan settings and running the 'powermetrics' command. The vulnerability exists in versions of the Stats application prior to 2.11.21.
Impact
Exploitation of this vulnerability allows unauthorized clients to connect to the XPC service and invoke methods that can change hardware settings or execute arbitrary code with root privileges, giving full control over the system.
Reproduction
The vulnerability can be reproduced by creating a custom XPC client that connects to the 'eu.exelban.Stats.SMC.Helper' Mach service. This client can bypass the lack of verification and access the exposed methods, such as 'powermetrics', which can be exploited to execute arbitrary code with root privileges.
Remediation
Users are advised to upgrade to Stats version 2.11.21 or later, where this vulnerability has been patched.
Vulnerability Rating
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.