CVE-2024-55968

Name of the Vulnerable Software and Affected Versions DTEX DEC-M (DTEX Forwarder) version 6.1.1

Description An issue was discovered in the com.dtexsystems.helper service, which handles privileged operations within the macOS DTEX Event Forwarder agent. The service fails to implement critical client validation during XPC interprocess communication (IPC), allowing malicious actors to exploit the service's methods via unauthorized client connections. This can lead to privilege escalation to root by abusing the DTConnectionHelperProtocol protocol's submitQuery method over an unauthorized XPC connection.

Recommendations For DTEX DEC-M (DTEX Forwarder) version 6.1.1, consider disabling the com.dtexsystems.helper service until a patch is available to prevent exploitation. Restrict access to the DTConnectionHelperProtocol protocol to minimize the risk of unauthorized connections. Avoid using the submitQuery method in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.