CVE-2024-9062

The Archify application contains a local privilege escalation vulnerability due to insufficient client validation in its privileged helper tool, com.oct4pie.archifyhelper, which is exposed via XPC. Archify follows the "factored applications" model, delegating privileged operations—such as arbitrary file deletion and file permission changes—to this helper running as root. However, the helper does not verify the code signature, entitlements, or signing flags of the connecting client. Although macOS provides secure validation mechanisms like auditToken, these are not implemented. As a result, any local process can establish a connection to the helper and invoke privileged functionality, leading to unauthorized execution of actions with root-level privileges.

CVSS v3 7.8 HIGH

7.8^/10

CVSS v3 : HIGH

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://pentraze.com/
https://pentraze.com/vulnerability-reports/

Configurations

No configuration.

History

12 Jun 2025, 16:06

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-06-11 00:15

Updated : 2025-06-12 16:06

NVD link : CVE-2024-9062

Mitre link : CVE-2024-9062

CVE.ORG link : CVE-2024-9062

JSON object : View

Products Affected

No product.

CWE

CWE-306

Missing Authentication for Critical Function

{"id": "CVE-2024-9062", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "41c37e40-543d-43a2-b660-2fee83ea851a", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}]}, "published": "2025-06-11T00:15:24.043", "references": [{"url": "https://pentraze.com/", "source": "41c37e40-543d-43a2-b660-2fee83ea851a"}, {"url": "https://pentraze.com/vulnerability-reports/", "source": "41c37e40-543d-43a2-b660-2fee83ea851a"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "41c37e40-543d-43a2-b660-2fee83ea851a", "description": [{"lang": "en", "value": "CWE-306"}]}], "descriptions": [{"lang": "en", "value": "The Archify application contains a local privilege escalation vulnerability due to insufficient client validation in its privileged helper tool, com.oct4pie.archifyhelper, which is exposed via XPC. Archify follows the \"factored applications\" model, delegating privileged operations\u2014such as arbitrary file deletion and file permission changes\u2014to this helper running as root. However, the helper does not verify the code signature, entitlements, or signing flags of the connecting client. Although macOS provides secure validation mechanisms like auditToken, these are not implemented. As a result, any local process can establish a connection to the helper and invoke privileged functionality, leading to unauthorized execution of actions with root-level privileges."}, {"lang": "es", "value": "La aplicaci\u00f3n Archify contiene una vulnerabilidad de escalada de privilegios local debido a una validaci\u00f3n insuficiente del cliente en su herramienta auxiliar privilegiada, com.oct4pie.archifyhelper, expuesta mediante XPC. Archify sigue el modelo de \"aplicaciones factorizadas\", delegando operaciones privilegiadas (como la eliminaci\u00f3n arbitraria de archivos y la modificaci\u00f3n de permisos) a esta herramienta auxiliar que se ejecuta como root. Sin embargo, esta herramienta no verifica la firma del c\u00f3digo, los derechos ni los indicadores de firma del cliente que se conecta. Aunque macOS ofrece mecanismos de validaci\u00f3n seguros como auditToken, estos no est\u00e1n implementados. Como resultado, cualquier proceso local puede establecer una conexi\u00f3n con la herramienta auxiliar e invocar funciones privilegiadas, lo que provoca la ejecuci\u00f3n no autorizada de acciones con privilegios de root."}], "lastModified": "2025-06-12T16:06:20.180", "sourceIdentifier": "41c37e40-543d-43a2-b660-2fee83ea851a"}