Aquarius Helpertool
Approved changes feed: RSS · Atom
cpe:2.3:a:acustica-audio:aquarius_helpertool:1.0.003:*:*:*:*:*:*:*
part: a version: 1.0.003 update: *
| Vendor | Acustica Audio (6b743e4f-5ec6-59c1-8a32-1a4a941fc813) |
|---|---|
| Product | Aquarius Helpertool (7b153e37-749e-5c81-b0d2-e71b0f15fd5d) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from gcve-enriched-dumps CVE data |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2025-65842 |
vulnerable | 2026-06-03 15:09:40.621559 |
Details available
The Aquarius HelperTool (1.0.003) privileged XPC service on macOS contains multiple flaws that allow local privilege escalation. The service accepts XPC connections from any local process without validating the client's identity, and its authorization logic incorrectly calls AuthorizationCopyRights with a NULL reference, causing all authorization checks to succeed. The executeCommand:authorization:withReply: method then interpolates attacker-controlled input into NSTask and executes it with root privileges. A local attacker can exploit these weaknesses to run arbitrary commands as root, create persistent backdoors, or obtain a fully interactive root shell.
Published: 2025-12-03T00:00:00.000Z
Updated: 2025-12-05T19:07:02.370Z |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.