macOS Under Threat: PoC Exploit for CVE-2024-27842 Allows Kernel-Level Code Execution
Recently, security researcher Wang Tielei published proof-of-concept (PoC) exploit code for a significant privilege escalation vulnerability (CVE-2024-27842) in macOS. The vulnerability has been patched by Apple, but the release of the PoC code underscores the importance of immediate updates and vigilance.
Discovered by the CertiK SkyFall Team, CVE-2024-27842 is a critical privilege escalation vulnerability affecting macOS. Apple addressed this flaw on May 13 with the release of macOS Sonoma 14.5, implementing improved checks to mitigate the issue.
The vulnerability resides in the UDF (Universal Disk Format) component, specifically within the VNOP_IOCTL function. This flaw allows an attacker to execute arbitrary code with kernel privileges by sending an arbitrary command to an arbitrary vnode, leading to memory corruption. UDF, a kernel extension present in macOS for decades, is the focal point of this exploit.
Wang Tielei’s PoC exploit demonstrates the ease with which this vulnerability can be exploited, emphasizing the urgency for users to update their systems.
In addition to CVE-2024-27842, Wang Tielei has also released a PoC exploit for CVE-2023-40404, another privilege escalation vulnerability in macOS Sonoma. This vulnerability, caused by a use-after-free error in the Networking component, allows local attackers to gain elevated privileges and execute arbitrary code with kernel privileges.
To protect against these vulnerabilities, macOS users are strongly advised to update their systems to macOS Sonoma 14.5 or later immediately. The update includes the necessary patches to address both CVE-2024-27842 and CVE-2023-40404, ensuring enhanced security and protection against potential exploitation.
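As an added example (not from the article or from Apple), the shell functions below classify reported macOS versions against the 14.5 fix release named above and list hosts that still need attention. The function names, inventory format and hostnames are assumptions made for the illustration; versions below 14 are reported as `unknown` because the article gives no fixed release for them.

```shell
#!/bin/sh
# Added example: compare macOS versions with the fixed release from the article.
FIXED_MAJOR=14   # macOS Sonoma
FIXED_MINOR=5    # 14.5, the release the article says carries the fixes

# classify_macos_version VERSION
# Prints one of: patched | update-required | unknown | invalid
classify_macos_version() {
    ver=$1
    # Accept only dotted numeric versions such as 14, 14.5 or 14.4.1
    case $ver in
        ''|*[!0-9.]*|.*|*.|*..*) echo invalid; return 0 ;;
    esac
    major=${ver%%.*}
    rest=${ver#*.}
    # A bare major version ("14") has no minor component: treat it as .0
    if [ "$rest" = "$ver" ]; then minor=0; else minor=${rest%%.*}; fi
    if [ "$major" -gt "$FIXED_MAJOR" ]; then
        echo patched
    elif [ "$major" -lt "$FIXED_MAJOR" ]; then
        echo unknown          # no fixed version given for older release lines
    elif [ "$minor" -ge "$FIXED_MINOR" ]; then
        echo patched          # numeric compare, so 14.10 counts as newer than 14.5
    else
        echo update-required
    fi
}

# audit_inventory: read "hostname version" lines on stdin and
# print every host whose status is anything other than patched.
audit_inventory() {
    while read -r host ver; do
        [ -z "$host" ] && continue
        status=$(classify_macos_version "$ver")
        [ "$status" = patched ] || printf '%s %s %s\n' "$host" "$ver" "$status"
    done
}

# Constructed sample inventory (hostnames and versions are made up)
SAMPLE_INVENTORY='mac-build-01 14.5
mac-dev-02 14.4.1
mac-lab-03 13.6.6
mac-qa-04 15.0
mac-old-05 14'

printf '%s\n' "$SAMPLE_INVENTORY" | audit_inventory
```

On a Mac, the local host can be checked with `classify_macos_version "$(sw_vers -productVersion)"`.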