CVE-2024-47193

Vulnerability

Overview

The vulnerability, identified as CVE-2024-47193, affects WithSecure Elements Agent for Mac (before 24.3), MDR (before 24.3), and Elements Client Security for Mac (before 16.10). It allows a local unprivileged user to interfere with the installation or automatic upgrade of WithSecure antivirus software on macOS devices [1]. The root cause lies in insufficient privilege protection or locking mechanisms that enable a local user to block administrative actions [1].

Attack

Vector and Prerequisites

To exploit this vulnerability, the attacker must have local access to the macOS system as a standard user. No special privileges or network access are required beyond being logged into the device. The attacker can then trigger a denial of service condition by preventing the administrator from installing or updating the WithSecure security software, or by blocking automatic upgrades [1]. This attack does not require any known exploit code and has not been observed in the wild [1].

Impact

Successful exploitation results in the inability to install or update the WithSecure product on the affected macOS device. This leaves the system without the latest security protections, effectively creating a denial of service for the security software itself. The system remains operational but loses its WithSecure antivirus or endpoint protection capabilities until an administrator can manually intervene and complete the installation or upgrade outside the normal process [1].

Mitigation

WithSecure has addressed the issue in the following product versions: Elements Agent for Mac 24.3, MDR 24.3, and Elements Client Security for Mac 16.10. Users should update to these versions or later. No workarounds have been provided, and the vulnerability was responsibly reported via WithSecure's Vulnerability Reward Program [1].