CVE-2024-27357

WithSecure Elements for Mac vulnerable to Local Privilege Escalation 

More information

A Vulnerability during the installation or updated process allows a local user with administrator privileges to leading to potential local privilege escalation on WithSecure Mac Products.

This issue was reported to WithSecure as a part of Internal Vulnerability Reward Program. No known exploit or attack has been seen in the wild.

WithSecure is not aware of any known exploits for this vulnerability.

Contributors

WithSecure would like to thank following person for bringing this issue to our attention.

Max Keasley

WithSecure Security Consultant (UK)

    Status

  • Fixed

    • Risk level

  • High

    • Action required

  • FIX No User action is required. The required fix has been published through automatic update channel for Elements agent & MDR with version 24.1

    Please note : End of life date for Client Security for Mac version 15 is on 30th Sept 2024. In order to mitigate this issue admin must take action to upgrade to Client Security for Mac 16.

    • Affected products

  • All WithSecure Endpoint Protection products for Mac

    • WithSecure Elements Agent for Mac version 23.x & below
    • WithSecure Elements Client Security for Mac version 15 & below
    • WithSecure MDR version 23.x & below

    • Platforms

  • All supported platforms for the affected products

    • Date issued

  • 2024-07-26

Read more