166 matches found
EUVD-2021-28416
Malicious code in bioql PyPI...
EUVD-2025-2570
Malicious code in bioql PyPI...
CVE-2025-7779
Local privilege escalation due to insecure XPC service configuration. The following products are affected: Acronis True Image macOS before build 42389, Acronis True Image for SanDisk macOS before build 42198, Acronis True Image for Western Digital macOS before build 42197, Acronis True Image OEM...
CVE-2025-7779
Local privilege escalation due to insecure XPC service configuration. The following products are affected: Acronis True Image macOS before build 42389, Acronis True Image for SanDisk macOS before build 42198, Acronis True Image for Western Digital macOS before build 42197, Acronis True Image OEM...
CVE-2025-7779
Local privilege escalation due to insecure XPC service configuration. The following products are affected: Acronis True Image macOS before build 42389, Acronis True Image for SanDisk macOS before build 42198, Acronis True Image for Western Digital macOS before build 42197, Acronis True Image OEM...
CVE-2025-7779
CVE-2025-7779: Local privilege escalation due to insecure XPC service configuration. Affects Acronis True Image (macOS) before build 42389, Acronis True Image for SanDisk (macOS) before build 42198, and Acronis True Image for Western Digital (macOS) before build 42197. Remediation: upgrade to bui...
CVE-2025-7779
Local privilege escalation due to insecure XPC service configuration. The following products are affected: Acronis True Image macOS before build 42389, Acronis True Image for SanDisk macOS before build 42198, Acronis True Image for Western Digital macOS before build 42197, Acronis True Image OEM...
CVE-2025-11130
A weakness has been identified in iHongRen pptp-vpn 1.0/1.0.1 on macOS. This issue affects the function shouldAcceptNewConnection of the file HelpTool/HelperTool.m of the component XPC Service. This manipulation causes missing authentication. The attack can only be executed locally. The exploit h...
Acronis True Image 安全漏洞
Acronis True Image is a well-known data backup and restore software from the Swiss company Acronis. The software can be used to create drive and disk images and can restore the image when a clean system is needed. A security vulnerability exists in Acronis True Image, which stems from an insecure...
CVE-2025-10016
The CVE-2025-10016 issue affects the Sparkle framework’s Autoupdate/Downloader.xpc mechanism. Reports in connected sources describe a local, unprivileged attacker who can exploit a race condition by connecting to the daemon as root to request installation of a crafted PKG, leading to local privil...
CVE-2025-10016 Local Privilege Escalation in Sparkle Autoupdate Daemon
The Sparkle framework includes a helper tool Autoupdate. Due to lack of authentication of connecting clients a local unprivileged attacker can request installation of crafted malicious PKG file by racing to connect to the daemon when other app spawns it as root. This results in local privilege...
CVE-2025-10015
The Sparkle framework’s Downloader.xpc XPC service can be registered globally by a local, unprivileged attacker, causing the service to inherit the app’s TCC permissions. The root cause is lack of validation of the connecting client, allowing copying of TCC-protected files to arbitrary locations;...
CVE-2025-10015 TCC Bypass via Downloader XPC Service in Sparkle
The Sparkle framework includes an XPC service Downloader.xpc, by default this service is private to the application its bundled with. A local unprivileged attacker can register this XPC service globally which will inherit TCC permissions of the application. Lack of validation of connecting client...
PT-2025-37917
Name of the Vulnerable Software and Affected Versions: Sparkle framework versions prior to 2.7.2 Description: The Sparkle framework includes an XPC service, Downloader.xpc, which is, by default, private to the application it is bundled with. A local, unprivileged attacker can register this XPC...
CVE-2025-8533 Incorrect Authorization of XPC Service in Fantastical.app
A vulnerability was identified in the XPC services of Fantastical. The services failed to implement proper client authorization checks in its listener:shouldAcceptNewConnection method, unconditionally accepting requests from any local process. As a result, any local, unprivileged process could...
CVE-2025-54595 Pearcleaner's unauthenticated access to privileged XPC helper allows root command execution
Pearcleaner is a free, source-available and fair-code licensed mac app cleaner. The PearcleanerHelper is a privileged helper tool bundled with the Pearcleaner application. It is registered and activated only after the user approves a system prompt to allow privileged operations. Upon approval, th...
PT-2025-31677 · Unknown · Pearcleaner
Name of the Vulnerable Software and Affected Versions: Pearcleaner versions 4.4.0 through 4.5.1 Description: Pearcleaner is a macOS application cleaner. The PearcleanerHelper, a privileged helper tool bundled with the application, registers an XPC service...
CVE-2025-21606
stats is a macOS system monitor in for the menu bar. The Stats application is vulnerable to a local privilege escalation due to the insecure implementation of its XPC service. The application registers a Mach service under the name eu.exelban.Stats.SMC.Helper. The associated binary,...
CVE-2020-15495
Acronis True Image 2019 update 1 through 2020 on macOS allows local privilege escalation due to an insecure XPC service configuration...
CVE-2018-7716
PrivateVPN 2.0.31 for macOS suffers from a root privilege escalation vulnerability with its com.privat.vpn.helper privileged helper tool. This privileged helper tool implements an XPC service that allows arbitrary installed applications to connect and send messages. The XPC service extracts the...