{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-25T02:45:42.577","vulnerabilities":[{"cve":{"id":"CVE-2024-8272","sourceIdentifier":"41c37e40-543d-43a2-b660-2fee83ea851a","published":"2024-11-25T18:15:14.673","lastModified":"2026-06-17T08:22:14.380","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The com.uaudio.bsd.helper service, responsible for handling privileged operations, fails to implement critical client validation during XPC inter-process communication (IPC). Specifically, the service does not verify the code requirements, entitlements, or security flags of any client attempting to establish a connection. This lack of proper validation allows unauthorized clients to exploit the service's methods and escalate privileges to root."},{"lang":"es","value":"El servicio com.uaudio.bsd.helper, responsable de gestionar operaciones privilegiadas, no implementa una validación crítica del cliente durante la comunicación entre procesos (IPC) de XPC. En concreto, el servicio no verifica los requisitos de código, los derechos ni los indicadores de seguridad de ningún cliente que intente establecer una conexión. Esta falta de validación adecuada permite que clientes no autorizados exploten los métodos del servicio y escalen privilegios a superusuario."}],"affected":[{"source":"41c37e40-543d-43a2-b660-2fee83ea851a","affectedData":[{"vendor":"Universal Audio","product":"UAConnect","defaultStatus":"unaffected","collectionURL":"https://www.uaudio.com","packageName":"UAConnect","modules":["com.uaudio.bsd.helper"],"platforms":["MacOS"],"versions":[{"version":"0","lessThanOrEqual":"2.7.0","versionType":"semver","status":"affected"}]}]},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","affectedData":[{"vendor":"universal_audio","product":"uaconnect","defaultStatus":"unaffected","cpes":["cpe:2.3:a:universal_audio:uaconnect:*:*:*:*:*:*:*:*"],"versions":[{"version":"0","lessThanOrEqual":"2.7.0","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"41c37e40-543d-43a2-b660-2fee83ea851a","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2024-11-25T18:40:43.231674Z","id":"CVE-2024-8272","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"41c37e40-543d-43a2-b660-2fee83ea851a","type":"Secondary","description":[{"lang":"en","value":"CWE-862"}]}],"references":[{"url":"https://pentraze.com/vulnerability-reports","source":"41c37e40-543d-43a2-b660-2fee83ea851a"}]}}]}