Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
macOS Sensei Mac Cleaner Local Privilege Escalation via PID Reuse - Race Condition Attack
Vulnerability Description
The application Sensei Mac Cleaner contains a local privilege escalation vulnerability, allowing an attacker to perform multiple operations as the root user. These operations include arbitrary file deletion and writing, loading and unloading daemons, manipulating file permissions, and loading extensions, among other actions. The vulnerable module org.cindori.SenseiHelper can be contacted via XPC. While the module performs client validation, it relies on the client's PID obtained through the public processIdentifier property of the NSXPCConnection class. This approach makes the module susceptible to a PID Reuse Attack, enabling an attacker to impersonate a legitimate client and send crafted XPC messages to invoke arbitrary methods exposed by the HelperProtocol interface.
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Vulnerability Type
授权机制不正确
Vulnerability Title
Cindori Sensei Mac Cleaner 安全漏洞
Vulnerability Description
Cindori Sensei Mac Cleaner是Cindori公司的一款 Mac 清洁器、监控和优化器应用程序。 Cindori Sensei Mac Cleaner存在安全漏洞,该漏洞源于存在本地权限提升问题,允许攻击者以root用户执行多种操作,包括任意文件删除和写入、加载和卸载守护进程、操纵文件权限以及加载扩展等。
CVSS Information
N/A
Vulnerability Type
N/A