PT-2025-25173 · Archify · Archify
Carlos Garrido · Published 2025-06-10 · Updated 2025-06-11
CVE-2024-9062
CVSS v3.1: 7.8 (High)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Archify (affected versions not specified)
Description
The issue is related to insufficient client validation in the privileged helper tool, com.oct4pie.archifyhelper, which is exposed via XPC. This tool is responsible for privileged operations such as arbitrary file deletion and file permission changes. However, it does not verify the code signature, entitlements, or signing flags of the connecting client, allowing any local process to establish a connection and invoke privileged functionality. This leads to unauthorized execution of actions with root-level privileges.
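As an added illustration (not code from Archify or from this advisory), the sketch below shows the kind of client check the description says is missing: a privileged XPC helper that only accepts peers whose code signature satisfies a requirement. It assumes macOS 13 or later; the protocol, service name, bundle identifier and team ID are hypothetical placeholders.

```swift
import Foundation

// Hypothetical helper interface; the real helper's protocol is not shown in the advisory.
@objc protocol HelperProtocol {
    func helperVersion(withReply reply: @escaping (String) -> Void)
}

final class Helper: NSObject, HelperProtocol, NSXPCListenerDelegate {
    // Placeholder requirement: the client must carry the expected bundle identifier
    // and be signed under the vendor's team ID. Both values are placeholders.
    static let clientRequirement =
        "anchor apple generic and identifier \"com.example.app\" " +
        "and certificate leaf[subject.OU] = \"TEAMID0000\""

    func helperVersion(withReply reply: @escaping (String) -> Void) {
        reply("1.0")
    }

    // Consulted only for peers that already satisfied the listener-level requirement.
    func listener(_ listener: NSXPCListener,
                  shouldAcceptNewConnection connection: NSXPCConnection) -> Bool {
        connection.exportedInterface = NSXPCInterface(with: HelperProtocol.self)
        connection.exportedObject = self
        connection.resume()
        return true
    }
}

let helper = Helper()
let listener = NSXPCListener(machServiceName: "com.example.helper") // placeholder name
listener.delegate = helper
// The XPC runtime evaluates the requirement against each peer's code signature and
// rejects non-matching connections before the delegate is consulted.
listener.setConnectionCodeSigningRequirement(Helper.clientRequirement)
listener.resume()
RunLoop.main.run()
```

This covers the signing-identity check only; the entitlement and signing-flag checks that the description also mentions are not shown here.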
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
LPE
Missing Authentication
Affected Products
Archify