Arturia Software Center Privilege Escalation Vulnerability
Vulnerability
A privilege escalation vulnerability has been identified in the Arturia Software Center for MacOS, specifically in version 2.12.0.3157. When a plugin is installed through the Arturia Software Center, an uninstall.sh bash script is also placed in a root-owned directory. This script is assigned world-writable permissions, allowing any user to modify it. During the uninstallation process, the Privileged Helper is instructed to execute this script. If an attacker manipulates the bash script, it can lead to unauthorized privilege escalation.
Impact
Exploitation of this vulnerability allows for local privilege escalation, with the attacker gaining elevated rights on the system.
Reproduction
To reproduce this vulnerability, first install a plugin via the Arturia Software Center. This will create a directory under /Library/Arturia/ containing a world-writable uninstall.sh script. Once the plugin is installed, the Privileged Helper can be exploited to execute the manipulated uninstall.sh script as root, thereby escalating privileges.
Vulnerability Rating
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.