CVE-2024-8272

EUVD-2024-49537

25.11.2024, 18:15

The com.uaudio.bsd.helper service, responsible for handling privileged operations, fails to implement critical client validation during XPC inter-process communication (IPC). Specifically, the service does not verify the code requirements, entitlements, or security flags of any client attempting to establish a connection. This lack of proper validation allows unauthorized clients to exploit the service's methods and escalate privileges to root.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	7.8 HIGH	LOCAL	LOW	LOW	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Base Score

CVSS 3.x

EPSS Score

Percentile: 13%

Early Detection

Affected products identified ahead of NVD analysis through intelligence sources.

Vendor	Product	Version	Source
universal_audio	uaconnect	𝑥 ≤ 2.7.0	ADP

Common Weakness Enumeration

CWE-862 - Missing Authorization
The software does not perform an authorization check when an actor attempts to access a resource or perform an action.

References

https://pentraze.com/vulnerability-reports