CVE-2019-5013

Name of the Vulnerable Software and Affected Versions Wacom driver version 6.3.32-3

Description A privilege escalation issue exists in the update helper service, specifically in the start/stopLaunchDProcess command. This command executes launchctl under root context, using a user-supplied string argument. With local access, an attacker can exploit this to load arbitrary launchD agents.

Recommendations For Wacom driver version 6.3.32-3, as a temporary workaround, consider restricting access to the start/stopLaunchDProcess command until a patch is available. Additionally, limit the use of launchctl to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.