CVE-2024-55968

CVSS 3.1 Score 8.8 of 10 (high)

Details

Published Jan 28, 2025

Updated: Jan 29, 2025

CWE ID 798

Summary

CVE-2024-55968 is a vulnerability affecting DTEX DEC-M (DTEX Forwarder) version 6.1.1. The com.dtexsystems.helper service, responsible for handling privileged operations within the macOS DTEX Event Forwarder agent, has insufficient validation during XPC interprocess communication. Malicious actors can exploit this vulnerability by establishing unauthorized connections, bypassing essential checks on code requirements, entitlements, security flags, and version. Ultimately, they can escalate privileges to root level through the DTConnectionHelperProtocol protocol's submitQuery method. This issue poses a critical risk for macOS systems running the DTEX Forwarder agent.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share

Advisories, Assessments, and Mitigations

Back to Vulnerability Database