A critical security flaw has been uncovered in the Citrix Workspace app for Mac that allows a local authenticated user to escalate privileges to root. Tracked as CVE-2024-5027, this vulnerability poses significant risks to users and organizations relying on Citrix Workspace for virtual app and desktop access. The flaw affects versions before 2402.10 and enables attackers to execute arbitrary commands with root-level access, potentially leading to severe security breaches and system compromise.
The vulnerability has been assigned a CVSS score of 7.7, indicating high severity. The underlying weakness is categorized under CWE, although the exact identifier is not detailed. Citrix has strongly urged affected users to update to version 2402.10 or later, which addresses the security flaw and prevents potential exploitation.
Affected users can visit the Citrix download page for the Workspace app for Mac to update to the latest version. Released on May 23, 2024, version 2402.10 is compatible with various macOS versions. Citrix has proactively notified customers and partners about this critical security issue, providing detailed instructions for updating the affected software and making necessary patches available for download. Staying informed and prioritizing system updates are crucial steps in safeguarding against evolving cyber threats.