LPE Exploit POC for CVE-2024-55968
The com.dtexsystems.helper service, responsible for handling privileged operations within the macOS DTEX Event Forwarder agent, fails to implement critical client validation during XPC inter-process communication (IPC). Specifically, the service does not verify the code requirements, entitlements, security flags, or version of any client attempting to establish a connection. This missing validation allows malicious actors to call the service's methods over unauthorized client connections and escalate privileges to root.
DEC-M (DTEX Forwarder) 6.1.1
DEC-M EventReportingService XPC Helper
The DTEX Event Reporting Service ships a privileged XPC helper that does not validate connecting clients. A malicious actor can weaponize this logic vulnerability to escalate user privileges locally on macOS by abusing the submitQuery method of the DTConnectionHelperProtocol protocol over an unauthorized XPC connection.
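For defenders, the missing check looks like this when present. This is an added example, not DTEX's code or part of the original PoC: a privileged helper that pins its clients with a code signing requirement (macOS 13+). The service name, bundle identifier, team ID, minimum version and ExampleHelperProtocol are hypothetical placeholders.

```objective-c
// Added example: XPC helper that only serves clients meeting a code requirement.
#import <Foundation/Foundation.h>

// Hypothetical interface standing in for a helper's privileged methods.
@protocol ExampleHelperProtocol
- (void)statusWithReply:(void (^)(NSString *status))reply;
@end

// Placeholder requirement: Apple-anchored chain, expected bundle identifier,
// expected team ID, and a minimum client version (blocks downgraded clients).
static NSString *const kClientRequirement =
    @"anchor apple generic"
    @" and identifier \"com.example.client\""
    @" and certificate leaf[subject.OU] = \"TEAMID0000\""
    @" and info[CFBundleShortVersionString] >= \"1.0.0\"";

@interface ExampleHelper : NSObject <NSXPCListenerDelegate, ExampleHelperProtocol>
@end

@implementation ExampleHelper
- (BOOL)listener:(NSXPCListener *)listener
    shouldAcceptNewConnection:(NSXPCConnection *)connection {
    // Reached only for peers the listener's requirement has not rejected.
    connection.exportedInterface =
        [NSXPCInterface interfaceWithProtocol:@protocol(ExampleHelperProtocol)];
    connection.exportedObject = self;
    [connection resume];
    return YES;
}
- (void)statusWithReply:(void (^)(NSString *))reply { reply(@"ok"); }
@end

int main(void) {
    @autoreleasepool {
        NSXPCListener *listener =
            [[NSXPCListener alloc] initWithMachServiceName:@"com.example.helper"];
        if (@available(macOS 13.0, *)) {
            // Peers that do not satisfy the requirement are refused by the system.
            [listener setConnectionCodeSigningRequirement:kClientRequirement];
        } else {
            return 1; // Fail closed rather than serve unvalidated clients.
        }
        ExampleHelper *helper = [ExampleHelper new];
        listener.delegate = helper;
        [listener resume];
        [[NSRunLoop currentRunLoop] run];
    }
    return 0;
}
```

The requirement string covers signer identity and version only; entitlement and code-signing flag checks (for example hardened runtime) need additional validation that is not shown here.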
Paul Montgomery (@nullevent) and Waleed Barakat (@WilDN00B), TikTok Red Team