PT-2025-31677 · Unknown · Pearcleaner

Swayzgl1Tzyyy · Published 2025-08-01 · Updated 2025-08-03 · CVE-2025-54595

CVSS v3.1: 7.3
Vector: AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions:

Pearcleaner versions 4.4.0 through 4.5.1

Description:

Pearcleaner is a macOS application cleaner. The PearcleanerHelper, a privileged helper tool bundled with the application, registers an XPC service (`com.alienator88.Pearcleaner.PearcleanerHelper`) that accepts unauthenticated connections from any local process. This service exposes a method that executes arbitrary shell commands, allowing local unprivileged users to escalate privileges to root after the helper is approved and active.
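The two weaknesses in the description (any local process may connect, and the exposed method runs arbitrary shell commands) map to two listener-side controls, shown below in Swift. This is an added example, not Pearcleaner's code or its 4.5.2 fix; the service name, bundle identifier, Team ID, protocol and allow-listed directories are hypothetical placeholders.

```swift
import Foundation

// Hypothetical interface: one typed operation, no "run this command" method.
@objc protocol CleanerHelperProtocol {
    func removeItem(atPath path: String, withReply reply: @escaping (Bool) -> Void)
}

final class CleanerHelper: NSObject, NSXPCListenerDelegate, CleanerHelperProtocol {
    // Placeholder requirement; use the shipping app's bundle ID and Team ID.
    static let clientRequirement =
        "identifier \"com.example.Cleaner\" and anchor apple generic " +
        "and certificate leaf[subject.OU] = \"TEAMID0000\""
    // Hypothetical allow list of directories the helper may delete from.
    static let allowedRoots = ["/Library/Caches/", "/Library/Logs/"]

    func listener(_ listener: NSXPCListener,
                  shouldAcceptNewConnection connection: NSXPCConnection) -> Bool {
        // The weak pattern exports the object and returns true for every caller.
        // Here the connection is first tied to a code-signing requirement
        // (API available from macOS 13; this example refuses older systems).
        guard #available(macOS 13.0, *) else { return false }
        connection.setCodeSigningRequirement(Self.clientRequirement)
        connection.exportedInterface = NSXPCInterface(with: CleanerHelperProtocol.self)
        connection.exportedObject = self
        connection.resume()
        return true
    }

    func removeItem(atPath path: String, withReply reply: @escaping (Bool) -> Void) {
        // Resolve symlinks and ".." before comparing against the allow list.
        let resolved = URL(fileURLWithPath: path).resolvingSymlinksInPath().path
        guard Self.allowedRoots.contains(where: { resolved.hasPrefix($0) }) else {
            reply(false)
            return
        }
        reply((try? FileManager.default.removeItem(atPath: resolved)) != nil)
    }
}

// Entry point of the helper: publish the Mach service and serve requests.
let helper = CleanerHelper()
let listener = NSXPCListener(machServiceName: "com.example.Cleaner.Helper")
listener.delegate = helper
listener.resume()
RunLoop.main.run()
```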

Recommendations:

Update to version 4.5.2 or later.

Fix

LPE

Weakness Enumeration

Improper Privilege Management

OS Command Injection

Related Identifiers

CVE-2025-54595
GHSA-GR2J-65FH-8PVC

Affected Products

Pearcleaner