Vulnerability Details CVE-2023-41902
An XPC misconfiguration vulnerability in CoreCode MacUpdater before 2.3.8, and 3.x before 3.1.2, allows attackers to escalate privileges by crafting malicious .pkg files.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 14.9%
CVSS Severity
CVSS v3 Score 7.8
References
- https://gist.github.com/NSEcho/5d048a0796ceef59d6b1df1659bd1057
- https://www.corecode.io/macupdater/history2.html
- https://www.corecode.io/macupdater/history3.html
- https://gist.github.com/NSEcho/5d048a0796ceef59d6b1df1659bd1057
- https://www.corecode.io/macupdater/history2.html
- https://www.corecode.io/macupdater/history3.html
Products affected by CVE-2023-41902
-
cpe:2.3:a:corecode:macupdater:*