Vulnerability Description
An XPC misconfiguration vulnerability in CoreCode MacUpdater before 2.3.8, and 3.x before 3.1.2, allows attackers to escalate privileges by crafting malicious .pkg files.
CVSS Score
7.8
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Corecode | Macupdater | < 2.3.8 |
Related Weaknesses (CWE)
References
- https://gist.github.com/NSEcho/5d048a0796ceef59d6b1df1659bd1057Third Party Advisory
- https://www.corecode.io/macupdater/history2.htmlRelease Notes
- https://www.corecode.io/macupdater/history3.htmlRelease Notes
- https://gist.github.com/NSEcho/5d048a0796ceef59d6b1df1659bd1057Third Party Advisory
- https://www.corecode.io/macupdater/history2.htmlRelease Notes
- https://www.corecode.io/macupdater/history3.htmlRelease Notes
FAQ
What is CVE-2023-41902?
CVE-2023-41902 is a vulnerability with a CVSS score of 7.8 (HIGH). An XPC misconfiguration vulnerability in CoreCode MacUpdater before 2.3.8, and 3.x before 3.1.2, allows attackers to escalate privileges by crafting malicious .pkg files.
How severe is CVE-2023-41902?
CVE-2023-41902 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2023-41902?
Check the references section above for vendor advisories and patch information. Affected products include: Corecode Macupdater.