This CVE describes a privilege escalation vulnerability in Arturia Software Center on macOS. When a plugin is installed, an uninstall.sh bash script is written to a root-owned path with overly permissive file permissions (777), making it writable by any user. The Arturia Software Center's Privileged Helper executes this script during plugin uninstallation. An attacker with local access can modify the scri [truncated]
A local privilege escalation vulnerability exists in the Arturia Software Center for macOS. The Privileged Helper component fails to adequately validate client code signatures when accepting connections, allowing an attacker to connect to the helper and execute privileged actions. This weakness enables a local attacker with low privileges to escalate to higher privileges without user interaction. The vuln [truncated]
