Netskope client prior to 89.x on macOS is impacted by a local privilege escalation vulnerability. The XPC implementation of nsAuxiliarySvc process does not perform validation on new connections before accepting the connection. Thus any low privileged user can connect and call external methods defined in XPC service as root, elevating their privilege to the highest level.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2022-01-04T21:34:44

Updated: 2024-08-04T03:08:32.396Z

Reserved: 2021-09-17T00:00:00

Link: CVE-2021-41388

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2022-01-04T22:15:07.527

Modified: 2024-11-21T06:26:11.367

Link: CVE-2021-41388

cve-icon Redhat

No data.