CVE-2024-27301

CVSS 3.1 Score 7.3 of 10 (high)

Details

Published Mar 14, 2024
CWE ID 269

Summary

CVE-2024-27301 is a privilege escalation vulnerability affecting Support App, an open-source application used for managing Apple devices. The flaw is in the postinstall installer script, which runs as root and uses the shebang #!/bin/zsh. Because of that shebang, the installer loads the file $HOME/.zshenv when the script is executed. By adding malicious code to this file, an attacker can have arbitrary code executed as root and so escalate privileges on the system. The issue has been addressed in version 2.5.1 Rev 2 of the app, and users are advised to upgrade to mitigate the vulnerability. No known workarounds exist for this vulnerability. The base severity is rated as HIGH, with a CVSS score of 7.3, indicating significant potential danger to organizations that use Support App if left unremediated.
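A packaging-side check for the shebang pattern described above, as an added example (not Support App's code or its published fix). It assumes that a zsh shebang is safe only when it carries zsh's -f / --no-rcs option, which skips per-user startup files; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: flag package install scripts whose zsh shebang lets zsh
# read the invoking user's startup files. Function names are hypothetical.

# classify_shebang FILE -> prints "risky", "ok" or "not-zsh"
classify_shebang() {
    first_line=$(head -n 1 "$1" 2>/dev/null) || return 2
    case "$first_line" in
        '#!'*zsh*) ;;
        *) echo "not-zsh"; return 0 ;;
    esac
    # Everything after the interpreter name is the option list.
    args=${first_line#*zsh}
    for word in $args; do
        case "$word" in
            --no-rcs) echo "ok"; return 0 ;;   # long form of -f
            --*) ;;                            # other long options
            -*f*) echo "ok"; return 0 ;;       # -f, alone or combined
        esac
    done
    echo "risky"
}

# list_risky_scripts DIR -> prints each preinstall/postinstall under DIR
# (for example a directory produced by `pkgutil --expand`) that is risky.
list_risky_scripts() {
    find "$1" -type f \( -name preinstall -o -name postinstall \) | sort |
    while IFS= read -r script; do
        if [ "$(classify_shebang "$script")" = "risky" ]; then
            printf '%s\n' "$script"
        fi
    done
}

# Constructed sample input: two scripts in a scratch directory.
demo=$(mktemp -d)
mkdir -p "$demo/Scripts"
printf '#!/bin/zsh\necho install\n' > "$demo/Scripts/postinstall"
printf '#!/bin/zsh --no-rcs\necho install\n' > "$demo/Scripts/preinstall"
list_risky_scripts "$demo"    # lists only .../Scripts/postinstall
rm -rf "$demo"
```

With -f, zsh still reads the system-wide /etc/zshenv, so the check only addresses the per-user $HOME/.zshenv path named in the summary.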
