Arturia Software Center Privileged Helper Insufficient Client Validation Leading to Local Privilege Escalation

Vulnerability

A local privilege escalation vulnerability has been identified in the Arturia Software Center for macOS, specifically in version 2.12.0.3157. The issue is in the 'Privileged Helper' component, which fails to adequately validate the code signature of a client when it connects. Because of this, an attacker can connect to the helper and execute privileged actions, thereby escalating privileges locally.

Impact

Exploitation of this vulnerability allows for unauthorized privileged actions to be executed, leading to local privilege escalation on the affected system.

Reproduction

The vulnerability is reproduced by connecting to the Privileged Helper with an unsigned client, which the helper accepts because of the insufficient client validation. After establishing the connection, an attacker can trigger the execution of a maliciously crafted uninstall script as root. This script can be manipulated to perform unauthorized actions, such as adding a low-privileged user to the sudoers file.
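
For contrast with the behaviour described above, the following added example (not Arturia's code and not part of the original advisory) sketches a helper that pins the client's code signature and refuses client-supplied scripts. It assumes the helper is an XPC Mach service built for macOS 13 or later; the service name, bundle identifier, team ID, protocol and script path are all hypothetical placeholders.

```swift
import Foundation
import Security

// Placeholder requirement (assumption): bundle ID and team ID are not from the advisory.
let clientRequirement = "anchor apple generic and identifier \"com.example.client\" "
    + "and certificate leaf[subject.OU] = \"TEAMID0000\""
// Hypothetical allowlist of root-owned uninstall scripts, chosen by the helper.
let uninstallScripts = ["example-product": "/Library/PrivilegedHelperTools/example/uninstall.sh"]

@objc protocol HelperProtocol {  // hypothetical XPC interface
    func uninstall(product: String, withReply reply: @escaping (Bool) -> Void)
}

final class Helper: NSObject, NSXPCListenerDelegate, HelperProtocol {
    func listener(_ listener: NSXPCListener,
                  shouldAcceptNewConnection connection: NSXPCConnection) -> Bool {
        // setCodeSigningRequirement raises on a malformed string, so compile it first
        // and refuse the connection (fail closed) if it does not parse.
        var parsed: SecRequirement?
        guard SecRequirementCreateWithString(clientRequirement as CFString, [], &parsed)
                == errSecSuccess else { return false }
        // Messages from a peer whose signature does not satisfy the requirement
        // invalidate the connection, so an unsigned client never reaches uninstall().
        connection.setCodeSigningRequirement(clientRequirement)
        connection.exportedInterface = NSXPCInterface(with: HelperProtocol.self)
        connection.exportedObject = self
        connection.resume()
        return true
    }

    func uninstall(product: String, withReply reply: @escaping (Bool) -> Void) {
        // The client names a product; it never supplies a path or script body.
        guard let path = uninstallScripts[product],
              let attrs = try? FileManager.default.attributesOfItem(atPath: path),
              (attrs[.ownerAccountID] as? NSNumber)?.intValue == 0,   // owned by root
              let mode = (attrs[.posixPermissions] as? NSNumber)?.intValue,
              mode & 0o022 == 0                                       // not group/world-writable
        else { return reply(false) }
        let task = Process()
        task.executableURL = URL(fileURLWithPath: path)
        do { try task.run() } catch { return reply(false) }
        task.waitUntilExit()
        reply(task.terminationStatus == 0)
    }
}

let helper = Helper()
let listener = NSXPCListener(machServiceName: "com.example.helper")  // placeholder name
listener.delegate = helper
listener.resume()
RunLoop.main.run()
```

The ownership check only covers the script file itself; the directories above it also need to be root-owned and not writable by other users for the check to hold.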

Added: Mar 18, 2026, 4:41 PM
Updated: Mar 18, 2026, 4:41 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 10.0
exploitability: 3.2
remediation: 0.0
relevance: 4.1
threat: 1.6
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.