CVE-2023-41902
Description
An XPC misconfiguration vulnerability in CoreCode MacUpdater before 2.3.8, and 3.x before 3.1.2, allows attackers to escalate privileges by crafting malicious .pkg files.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
An XPC misconfiguration in CoreCode MacUpdater before 2.3.8 and 3.x before 3.1.2 allows local privilege escalation via crafted .pkg files.
Vulnerability
A misconfiguration in the XPC service (PrivilegedHelperTool) within CoreCode MacUpdater versions before 2.3.8 and 3.x before 3.1.2 allows an unprivileged local attacker to escalate privileges. The vulnerability emerges because the XPC service does not properly validate the caller or the .pkg files it processes, enabling a malicious actor to craft a .pkg file that the helper tool will install with elevated privileges [1][2][3].
Exploitation
To exploit this vulnerability, an attacker must have local access to the system. The attacker crafts a specially designed .pkg file and writes a C program that communicates with the vulnerable PrivilegedHelperTool. The program instructs the helper tool to install the malicious .pkg, which is executed with root privileges due to the XPC misconfiguration [3]. No additional user interaction beyond initial local access is required.
Impact
Successful exploitation results in local privilege escalation to root. The attacker gains the ability to install arbitrary .pkg files as the root user, potentially leading to full compromise of the affected macOS system. This can result in unauthorized code execution, data access, and persistent control over the machine [3].
Mitigation
CoreCode released fixed versions: MacUpdater 2.3.8 and 3.1.2. Users should update to these versions or later (e.g., 2.3.18, 3.4.7). Updating to the latest available version (2.4.0 for MacUpdater 2 or 3.5.0 for MacUpdater 3) is recommended. As of the publication date (2023-09-20), the fix was available [1][2][3]. No workaround is described in the references; users should apply the update promptly.
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- CoreCode/MacUpdater
- Range: <2.3.8 (or >=3.0, <3.1.2)
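A fleet check against the affected range above, as an added example (not code from CoreCode or from the cited references). It assumes version strings have already been collected by inventory tooling, for instance from the app bundle's `CFBundleShortVersionString`; the host names and the sample inventory are constructed.

```python
import re

# Affected range as stated on this page: <2.3.8, or >=3.0 and <3.1.2.
FIXED_2X = (2, 3, 8)
FIRST_3X = (3, 0, 0)
FIXED_3X = (3, 1, 2)

def parse_version(text):
    """Turn '2.3.18' into (2, 3, 18), padding so that '3.0' equals '3.0.0'."""
    text = text.strip()
    if not re.fullmatch(r"\d+(\.\d+){0,2}", text):
        raise ValueError(f"unrecognised version string: {text!r}")
    parts = [int(p) for p in text.split(".")]
    return tuple(parts + [0] * (3 - len(parts)))

def is_affected(version_text):
    """True when the version falls inside the range listed for CVE-2023-41902."""
    v = parse_version(version_text)
    # Numeric tuples matter here: as plain strings, "2.3.18" sorts before
    # "2.3.8" and a fixed build would be reported as vulnerable.
    if v < FIXED_2X:
        return True
    return FIRST_3X <= v < FIXED_3X

def audit(inventory):
    """Return (host, version, status) rows; unparseable versions are flagged
    for manual review instead of being silently treated as safe."""
    rows = []
    for host, version in inventory:
        try:
            status = "AFFECTED" if is_affected(version) else "ok"
        except ValueError:
            status = "UNKNOWN"
        rows.append((host, version, status))
    return rows

# Constructed sample inventory (hypothetical hosts and versions).
SAMPLE = [
    ("mac-01", "2.3.7"), ("mac-02", "2.3.18"), ("mac-03", "3.1.1"),
    ("mac-04", "3.1.2"), ("mac-05", "3.0"), ("mac-06", "2.4.0b1"),
]

if __name__ == "__main__":
    for host, version, status in audit(SAMPLE):
        print(f"{host:8} {version:10} {status}")
```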
Patches
No patches discovered yet.
References (3)
News mentions
No linked articles in our index yet.