Serviceteam IT Security News

Talos’ security researchers have discovered two security flaws in the Wacom update helper that could be exploited to elevate privileges on a vulnerable system.

The update helper tool is being installed alongside the macOS application for Wacom tablets. Designed for interaction with the tablet, the application can be managed by the user.

What the security researchers have discovered is that an attacker with local access could exploit these vulnerabilities to leverage their privileges to root.

Tracked as CVE-2019-5012 and featuring a CVSS score of 7.8, the first bug was found in the Wacom, driver version 6.3.32-3, update helper service in the startProcess command.

The command, Talos explains, takes a user-supplied script argument and executes it under root context. This could allow a user with local access to raise their privileges to root.

The second security flaw is tracked as CVE-2019-5013 and features a CVSS score of 7.1. It was found in the Wacom update helper service in the start/stopLaunchDProcess command.

“The command takes a user-supplied string argument and executes launchctl under root context. A user with local access can use this vulnerability to raise load arbitrary launchD agents,” Talos reveals.

Attackers looking to target these vulnerabilities would need local access to a vulnerable machine for successful exploitation.

According to the security researchers, Wacom driver on macOS, versions 6.3.32.2 and 6.3.32.3 are affected by these vulnerabilities.

Wacom has already released version 6.3.34, which addresses these bugs.

Related: Cisco Finds Serious Flaws in Sierra Wireless AirLink Devices

Related: Hard-Coded Credentials Found in Alpine Linux Docker Images

Related: Multiple Vulnerabilities Fixed in CUJO Smart Firewall

Source: infosec island

With over 20 years of experience, Serviceteam IT design and deliver sophisticated connectivity, communication, continuity, and cloud services, for organisations that need to stay connected 24/7. We take the time to fully understand your current challenges, and provide a solution that gives you a clear understanding of what you are purchasing and the benefits it will bring you.

To find out how we can help you, call us on 0121 468 0101, use the Contact Us form, or why not drop in and visit us at 49 Frederick Road, Edgbaston, Birmingham, B15 1HN.

We’d love to hear from you!