A vulnerability linked to privilege escalation has surfaced in macOS Sonoma, specifically associated with the Universal Disk Format (UDF) filesystem. Identified as CVE-2024-27842, this vulnerability remains unclassified in severity. It exploits IOCTL functions, allowing arbitrary code execution with kernel privileges, thereby posing a significant security risk.
According to reports shared with Cyber Security News, a proof-of-concept for this vulnerability has been published, highlighting its presence in the IOAESAccelerator component of macOS. The exploit involves creating a buffer of length 0x28 bytes, which overflows the stack buffer of 0x18 bytes, inducing a stack overflow condition and ultimately leading to a kernel panic. When combined with IOCTL commands, the attack surface broadens, potentially enabling the execution of unrestricted commands on the affected device.
CertiK SkyFall Team is credited with discovering and reporting this vulnerability. Apple has acknowledged the issue and addressed it in their security advisory, confirming its impact on macOS Sonoma versions preceding 14.5. Users are advised to upgrade their macOS versions to 14.5 to mitigate the risk posed by this vulnerability, ensuring the security and stability of their systems.
