CVE-2024-8272
CVSS 3.1 Score 7.8 of 10 (high)
Details
Published Nov 25, 2024
CWE ID 862
Summary
CVE-2024-8272 is a recently disclosed vulnerability affecting the com.uaudio.bsd.helper service. This service, which handles privileged operations, fails to perform adequate client validation during XPC inter-process communication (IPC). As a result, any client attempting to connect to the service, regardless of its code requirements, entitlements, or security flags, can bypass the validation checks. This vulnerability could potentially allow unauthorized clients to escalate their privileges to root level, posing a significant risk to the affected system.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Share
Affected Products
- UA Connect