CVE-2024-9062 (GCVE-0-2024-9062)

Vulnerability from cvelistv5 – Published: 2025-06-10 23:25 – Updated: 2025-06-11 13:41
VLAI?
Summary
The Archify application contains a local privilege escalation vulnerability due to insufficient client validation in its privileged helper tool, com.oct4pie.archifyhelper, which is exposed via XPC. Archify follows the "factored applications" model, delegating privileged operations—such as arbitrary file deletion and file permission changes—to this helper running as root. However, the helper does not verify the code signature, entitlements, or signing flags of the connecting client. Although macOS provides secure validation mechanisms like auditToken, these are not implemented. As a result, any local process can establish a connection to the helper and invoke privileged functionality, leading to unauthorized execution of actions with root-level privileges.
Severity ?
7.8 (High)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE
  • CWE-306 - Missing Authentication for Critical Function
Assigner
References
Impacted products
Vendor Product Version
Archify Archify Affected: 0 , ≤ 1.3.1 (semver)
Create a notification for this product.
Credits
Carlos Garrido of Pentraze Cybersecurity
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-9062",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-06-11T13:41:01.210655Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-06-11T13:41:12.653Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "packageName": "com.oct4pie.archifyhelper",
          "platforms": [
            "MacOS"
          ],
          "product": "Archify",
          "repo": "https://github.com/Oct4Pie/archify",
          "vendor": "Archify",
          "versions": [
            {
              "lessThanOrEqual": "1.3.1",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Carlos Garrido of Pentraze Cybersecurity"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "The Archify application contains a local privilege escalation vulnerability due to insufficient client validation in its privileged helper tool, com.oct4pie.archifyhelper, which is exposed via XPC. Archify follows the \"factored applications\" model, delegating privileged operations\u2014such as arbitrary file deletion and file permission changes\u2014to this helper running as root. However, the helper does not verify the code signature, entitlements, or signing flags of the connecting client. Although macOS provides secure validation mechanisms like auditToken, these are not implemented. As a result, any local process can establish a connection to the helper and invoke privileged functionality, leading to unauthorized execution of actions with root-level privileges."
            }
          ],
          "value": "The Archify application contains a local privilege escalation vulnerability due to insufficient client validation in its privileged helper tool, com.oct4pie.archifyhelper, which is exposed via XPC. Archify follows the \"factored applications\" model, delegating privileged operations\u2014such as arbitrary file deletion and file permission changes\u2014to this helper running as root. However, the helper does not verify the code signature, entitlements, or signing flags of the connecting client. Although macOS provides secure validation mechanisms like auditToken, these are not implemented. As a result, any local process can establish a connection to the helper and invoke privileged functionality, leading to unauthorized execution of actions with root-level privileges."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-233",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-233 Privilege Escalation"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-306",
              "description": "CWE-306 Missing Authentication for Critical Function",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-06-10T23:25:30.420Z",
        "orgId": "41c37e40-543d-43a2-b660-2fee83ea851a",
        "shortName": "Pentraze"
      },
      "references": [
        {
          "url": "https://pentraze.com/"
        },
        {
          "url": "https://pentraze.com/vulnerability-reports/"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "macOS Archify: Local Privilege Escalation",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "41c37e40-543d-43a2-b660-2fee83ea851a",
    "assignerShortName": "Pentraze",
    "cveId": "CVE-2024-9062",
    "datePublished": "2025-06-10T23:25:30.420Z",
    "dateReserved": "2024-09-20T21:49:17.091Z",
    "dateUpdated": "2025-06-11T13:41:12.653Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2024-9062\",\"sourceIdentifier\":\"41c37e40-543d-43a2-b660-2fee83ea851a\",\"published\":\"2025-06-11T00:15:24.043\",\"lastModified\":\"2025-06-12T16:06:20.180\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The Archify application contains a local privilege escalation vulnerability due to insufficient client validation in its privileged helper tool, com.oct4pie.archifyhelper, which is exposed via XPC. Archify follows the \\\"factored applications\\\" model, delegating privileged operations\u2014such as arbitrary file deletion and file permission changes\u2014to this helper running as root. However, the helper does not verify the code signature, entitlements, or signing flags of the connecting client. Although macOS provides secure validation mechanisms like auditToken, these are not implemented. As a result, any local process can establish a connection to the helper and invoke privileged functionality, leading to unauthorized execution of actions with root-level privileges.\"},{\"lang\":\"es\",\"value\":\"La aplicaci\u00f3n Archify contiene una vulnerabilidad de escalada de privilegios local debido a una validaci\u00f3n insuficiente del cliente en su herramienta auxiliar privilegiada, com.oct4pie.archifyhelper, expuesta mediante XPC. Archify sigue el modelo de \\\"aplicaciones factorizadas\\\", delegando operaciones privilegiadas (como la eliminaci\u00f3n arbitraria de archivos y la modificaci\u00f3n de permisos) a esta herramienta auxiliar que se ejecuta como root. Sin embargo, esta herramienta no verifica la firma del c\u00f3digo, los derechos ni los indicadores de firma del cliente que se conecta. Aunque macOS ofrece mecanismos de validaci\u00f3n seguros como auditToken, estos no est\u00e1n implementados. Como resultado, cualquier proceso local puede establecer una conexi\u00f3n con la herramienta auxiliar e invocar funciones privilegiadas, lo que provoca la ejecuci\u00f3n no autorizada de acciones con privilegios de root.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"41c37e40-543d-43a2-b660-2fee83ea851a\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":7.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"41c37e40-543d-43a2-b660-2fee83ea851a\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-306\"}]}],\"references\":[{\"url\":\"https://pentraze.com/\",\"source\":\"41c37e40-543d-43a2-b660-2fee83ea851a\"},{\"url\":\"https://pentraze.com/vulnerability-reports/\",\"source\":\"41c37e40-543d-43a2-b660-2fee83ea851a\"}]}}",
    "vulnrichment": {
      "containers": "{\"cna\": {\"title\": \"macOS Archify: Local Privilege Escalation\", \"source\": {\"discovery\": \"UNKNOWN\"}, \"credits\": [{\"lang\": \"en\", \"type\": \"finder\", \"value\": \"Carlos Garrido of Pentraze Cybersecurity\"}], \"impacts\": [{\"capecId\": \"CAPEC-233\", \"descriptions\": [{\"lang\": \"en\", \"value\": \"CAPEC-233 Privilege Escalation\"}]}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.8, \"attackVector\": \"LOCAL\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"HIGH\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"repo\": \"https://github.com/Oct4Pie/archify\", \"vendor\": \"Archify\", \"product\": \"Archify\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"1.3.1\"}], \"platforms\": [\"MacOS\"], \"packageName\": \"com.oct4pie.archifyhelper\", \"defaultStatus\": \"unaffected\"}], \"references\": [{\"url\": \"https://pentraze.com/\"}, {\"url\": \"https://pentraze.com/vulnerability-reports/\"}], \"x_generator\": {\"engine\": \"Vulnogram 0.2.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"The Archify application contains a local privilege escalation vulnerability due to insufficient client validation in its privileged helper tool, com.oct4pie.archifyhelper, which is exposed via XPC. Archify follows the \\\"factored applications\\\" model, delegating privileged operations\\u2014such as arbitrary file deletion and file permission changes\\u2014to this helper running as root. However, the helper does not verify the code signature, entitlements, or signing flags of the connecting client. Although macOS provides secure validation mechanisms like auditToken, these are not implemented. As a result, any local process can establish a connection to the helper and invoke privileged functionality, leading to unauthorized execution of actions with root-level privileges.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"The Archify application contains a local privilege escalation vulnerability due to insufficient client validation in its privileged helper tool, com.oct4pie.archifyhelper, which is exposed via XPC. Archify follows the \\\"factored applications\\\" model, delegating privileged operations\\u2014such as arbitrary file deletion and file permission changes\\u2014to this helper running as root. However, the helper does not verify the code signature, entitlements, or signing flags of the connecting client. Although macOS provides secure validation mechanisms like auditToken, these are not implemented. As a result, any local process can establish a connection to the helper and invoke privileged functionality, leading to unauthorized execution of actions with root-level privileges.\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-306\", \"description\": \"CWE-306 Missing Authentication for Critical Function\"}]}], \"providerMetadata\": {\"orgId\": \"41c37e40-543d-43a2-b660-2fee83ea851a\", \"shortName\": \"Pentraze\", \"dateUpdated\": \"2025-06-10T23:25:30.420Z\"}}, \"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-9062\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-06-11T13:41:01.210655Z\"}}}], \"providerMetadata\": {\"shortName\": \"CISA-ADP\", \"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"dateUpdated\": \"2025-06-11T13:41:08.319Z\"}}]}",
      "cveMetadata": "{\"cveId\": \"CVE-2024-9062\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-06-10T23:25:30.420Z\", \"dateReserved\": \"2024-09-20T21:49:17.091Z\", \"assignerOrgId\": \"41c37e40-543d-43a2-b660-2fee83ea851a\", \"datePublished\": \"2025-06-10T23:25:30.420Z\", \"assignerShortName\": \"Pentraze\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.