CVE-2024-12786

Name of the Vulnerable Software and Affected Versions X1a0He Adobe Downloader version 1.3.1 and earlier

Description A critical vulnerability was found in the X1a0He Adobe Downloader, affecting the shouldAcceptNewConnection function of the com.x1a0he.macOS.Adobe-Downloader.helper file in the XPC Service component. This leads to improper privilege management. The exploit has been disclosed to the public and may be used, requiring a local approach to attack. It is noted that this product is not affiliated with the company Adobe.

Recommendations For X1a0He Adobe Downloader version 1.3.1 and earlier, as a temporary workaround, consider disabling the shouldAcceptNewConnection function until a patch is available. Restrict access to the XPC Service component to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.