Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Pearcleaner's unauthenticated access to privileged XPC helper allows root command execution
Vulnerability Description
Pearcleaner is a free, source-available and fair-code licensed mac app cleaner. The PearcleanerHelper is a privileged helper tool bundled with the Pearcleaner application. It is registered and activated only after the user approves a system prompt to allow privileged operations. Upon approval, the helper is configured as a LaunchDaemon and runs with root privileges. In versions 4.4.0 through 4.5.1, the helper registers an XPC service (com.alienator88.Pearcleaner.PearcleanerHelper) and accepts unauthenticated connections from any local process. It exposes a method that executes arbitrary shell commands. This allows any local unprivileged user to escalate privileges to root once the helper is approved and active. This issue is fixed in version 4.5.2.
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Vulnerability Type
OS命令中使用的特殊元素转义处理不恰当(OS命令注入)
Vulnerability Title
Pearcleaner 安全漏洞
Vulnerability Description
Pearcleaner是Alin Lupascu个人开发者的一个mac应用程序清理工具。 Pearcleaner 4.4.0至4.5.1版本存在安全漏洞,该漏洞源于XPC服务暴露执行任意命令方法,可能导致权限提升。
CVSS Information
N/A
Vulnerability Type
N/A