CVE-2024-14032
🟡 Monitoruj
Wzrost uprawnień w Twitch Studio umożliwia lokalnym atakującym wykonanie kodu jako root.
CVSS
7.8
EPSS
0.0%
Exploit
poc
Vendor
twitch
Opis źródłowy (NVD)
Twitch Studio version 0.114.8 and prior contain a privilege escalation vulnerability in its privileged helper tool that allows local attackers to execute arbitrary code as root by exploiting an unprotected XPC service. Attackers can invoke the installFromPath:toPath:withReply: method to overwrite system files and privileged binaries, achieving full system compromise. Twitch Studio was discontinued in May 2024.
exploit privilege-escalation
Brak patcha
Źródła i daty
| Źródło | Wartość |
|---|---|
| NVD – CVSS | 7.8 |
| CISA KEV (aktywnie wykorzystywane) | Nie |
| FIRST EPSS (prawdopodobieństwo exploita) | 0.0% |
| Opublikowano (NVD) | 2026-04-06 16:16:26 UTC |
| Ostatnia modyfikacja (NVD) | 2026-04-14 02:01:12 UTC |
Referencje
- https://help.twitch.tv/s/article/recommended-software-for-broadcasting (disclosure@vulncheck.com) [Product]
- https://help.twitch.tv/s/topic/0TO3a000000kZfYGAU/twitch-studio (disclosure@vulncheck.com) [Product]
- https://www.iru.com/blog/twitch-privileged-helper (disclosure@vulncheck.com) [Exploit, Third Party Advisory]
- https://www.vulncheck.com/advisories/twitch-studio-launcherhelper-xpc-missing-authorization-to-root-file-write (disclosure@vulncheck.com) [Third Party Advisory]