Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
The Aquarius HelperTool (1.0.003) privileged XPC service on macOS contains multiple flaws that allow local privilege escalation. The service accepts XPC connections from any local process without validating the client's identity, and its authorization logic incorrectly calls AuthorizationCopyRights with a NULL reference, causing all authorization checks to succeed. The executeCommand:authorization:withReply: method then interpolates attacker-controlled input into NSTask and executes it with root privileges. A local attacker can exploit these weaknesses to run arbitrary commands as root, create persistent backdoors, or obtain a fully interactive root shell.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Plugin Alliance Aquarius HelperTool 安全漏洞
Vulnerability Description
Plugin Alliance Aquarius HelperTool是美国Plugin Alliance公司的一个音频插件辅助工具。 Plugin Alliance Aquarius HelperTool 1.0.003版本存在安全漏洞,该漏洞源于XPC服务未验证客户端身份且授权逻辑存在缺陷,可能导致本地权限提升。
CVSS Information
N/A
Vulnerability Type
N/A