CVE-2023-41902

CVSS 3.1 Score 7.8 of 10 (high)

Details

Published Sep 20, 2023

Updated: Sep 26, 2023

CWE ID 434

Summary

CVE-2023-41902 is a newly disclosed vulnerability affecting CoreCode MacUpdater before versions 2.3.8 and 3.x before 3.1.2. This issue involves an XPC misconfiguration, enabling attackers to manipulate .pkg files and escalate privileges. By crafting malicious .pkg packages, assailants can bypass security restrictions and gain elevated access to a targeted system. This vulnerability poses a serious threat and requires users to upgrade their MacUpdater software immediately to protect against potential attacks.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/skHRhC
https://www.cve.org/CVERecord?id=CVE-2023-41902
https://nvd.nist.gov/vuln/detail/CVE-2023-41902

Back to Vulnerability Database

CVE-2023-41902

CVSS 3.1 Score 7.8 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations