CVE-2024-4395
Lack of Client Validation in Jamf Compliance Editor's Helper Service May Result in Privilege Escalation
The XPC service within the audit functionality of Jamf Compliance Editor before version 1.3.1 on macOS can lead to local privilege escalation.
CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/S:N/AU:N/R:U/V:D/RE:M/U:Green
Produtos afetados
JAMF · Jamf Compliance EditorQuer saber se a sua infraestrutura está exposta a isto?
Falar com a TrueHacking →Referências
https://github.com/Jamf-Concepts/jamf-compliance-editor/raw/v1.3.1/Jamf%20Compliance%20Editor%20-%20User%20Guide.pdfhttps://github.com/Jamf-Concepts/jamf-compliance-editor/releases/download/v1.3.1/JamfComplianceEditor.v1.3.1.pkghttps://khronokernel.com/macos/2024/05/01/CVE-2024-4395.htmlhttps://trusted.jamf.com/docs/establishing-compliance-baselines#support