216.73.216.226

CVE-2024-7915

· Published 25/11/2024 18:15 · Modified 25/11/2024 18:15

Labels: CVE-2024-7915 2024-11-2541c37e40-543d-43a2-b660-2fee83ea851aCVE-2024-7915CWE-863

Essential information

Published
25/11/2024 18:15
Modified
25/11/2024 18:15
Author
Creator
CVSS
7.8 HIGH (v3.1)
CISA KEV
No
CWE
CVSS vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSS metrics

Description

The application Sensei Mac Cleaner contains a local privilege escalation vulnerability, allowing an attacker to perform multiple operations as the root user. These operations include arbitrary file deletion and writing, loading and unloading daemons, manipulating file permissions, and loading extensions, among other actions. The vulnerable module org.cindori.SenseiHelper can be contacted via XPC. While the module performs client validation, it relies on the client's PID obtained through the public processIdentifier property of the NSXPCConnection class. This approach makes the module susceptible to a PID Reuse Attack, enabling an attacker to impersonate a legitimate client and send crafted XPC messages to invoke arbitrary methods exposed by the HelperProtocol interface.

NVD status

Status
Awaiting Analysis — CVE has been recently published to the CVE List and has been received by the NVD.
Source
41c37e40-543d-43a2-b660-2fee83ea851a
NVD
View on NVD

References