CVE-2024-8272

CVSS 3.1 Score 7.8 of 10 (high)

Details

Published Nov 25, 2024
CWE ID 862

Summary

CVE-2024-8272 is a recently disclosed vulnerability affecting the com.uaudio.bsd.helper service. This service, which handles privileged operations, fails to perform adequate client validation during XPC inter-process communication (IPC). As a result, any client attempting to connect to the service, regardless of its code requirements, entitlements, or security flags, can bypass the validation checks. This vulnerability could potentially allow unauthorized clients to escalate their privileges to root level, posing a significant risk to the affected system.
