VYPR
Unrated severity · NVD Advisory · Published Jun 9, 2026 · Updated Jun 9, 2026

CVE-2026-24064

Description

Waves Central for macOS has a DYLIB injection vulnerability allowing local attackers to execute arbitrary code as root.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Vulnerability

Waves Central for macOS versions 13.0.9 through 16.5.5 contain a local privilege escalation vulnerability. The InstlHelperApplication component, which connects to a privileged helper tool via XPC, is signed with two entitlements that permit dynamic library injection: com.apple.security.cs.allow-dyld-environment-variables and com.apple.security.cs.disable-library-validation [1].

Exploitation

A local attacker can exploit this vulnerability by setting the DYLD_INSERT_LIBRARIES environment variable to point to an attacker-controlled dynamic library. When the InstlHelperApplication process is launched, it loads the injected library because of these entitlements. The injected code can then interact with the product's privileged helper service [1].

Impact

Successful exploitation allows the attacker to execute arbitrary code with root privileges. The injected code runs within the context of the signed InstlHelperApplication process, enabling it to invoke privileged operations through the product's helper service, leading to a full system compromise at the highest privilege level [1].

Mitigation

The vulnerability is fixed in Waves Central version 16.6.2. Users are advised to install the patch immediately. No workarounds are mentioned in the available references [1].
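
A defensive audit for the entitlement pair described above, added here as an example and not code from Waves or from the cited reference. It assumes the entitlements plist has already been extracted from a binary's code signature (for example with codesign); the function name audit_entitlements and the sample plists are constructed for illustration.

```python
import plistlib

# Entitlement keys named in the advisory for InstlHelperApplication.
ALLOW_DYLD_ENV = "com.apple.security.cs.allow-dyld-environment-variables"
DISABLE_LIB_VALIDATION = "com.apple.security.cs.disable-library-validation"


def audit_entitlements(plist_bytes: bytes) -> dict:
    """Classify an entitlements plist for DYLD_INSERT_LIBRARIES exposure."""
    try:
        ents = plistlib.loads(plist_bytes)
    except Exception as exc:  # malformed or empty entitlements blob
        return {"risk": "unknown", "reasons": [f"unparseable plist: {exc}"]}
    if not isinstance(ents, dict):
        return {"risk": "unknown", "reasons": ["top-level object is not a dict"]}

    # Only an explicit boolean true enables the behaviour.
    dyld_env = ents.get(ALLOW_DYLD_ENV) is True
    no_lib_val = ents.get(DISABLE_LIB_VALIDATION) is True
    reasons = []
    if dyld_env:
        reasons.append("DYLD_* environment variables are honoured")
    if no_lib_val:
        reasons.append("libraries not signed by the same team may be loaded")

    if dyld_env and no_lib_val:
        risk = "high"    # the combination described in the advisory
    elif dyld_env or no_lib_val:
        risk = "review"  # one half of the pair; still weakens hardened runtime
    else:
        risk = "ok"
    return {"risk": risk, "reasons": reasons}


# Constructed sample plists (hypothetical, not taken from the real product).
SAMPLE_RISKY = plistlib.dumps({ALLOW_DYLD_ENV: True, DISABLE_LIB_VALIDATION: True})
SAMPLE_PARTIAL = plistlib.dumps({ALLOW_DYLD_ENV: False, DISABLE_LIB_VALIDATION: True})
SAMPLE_CLEAN = plistlib.dumps({"com.apple.security.app-sandbox": True})

if __name__ == "__main__":
    for name, blob in [("risky", SAMPLE_RISKY), ("partial", SAMPLE_PARTIAL),
                       ("clean", SAMPLE_CLEAN), ("garbage", b"not a plist")]:
        print(name, audit_entitlements(blob))
```

A "high" result on any binary that talks to a privileged helper over XPC is worth escalating, since the helper would then be trusting a client process that can be made to load unsigned code.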

AI Insight generated on Jun 9, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

1

Patches

0

No patches discovered yet.

References

1
