macOS PackageKit Vulnerability Addressed by Multiple Patches
/ 1 min read
🛠️ Apple’s PackageKit vulnerability highlights ongoing security challenges. A researcher presented findings on a logic vulnerability in macOS’s PackageKit framework, which allowed privilege escalation to root and bypassed System Integrity Protection (SIP). Despite Apple releasing nine patches to address the issue, the researcher identified multiple CVEs, including CVE-2022-26688 and CVE-2024-44178, demonstrating that each patch was followed by new bypasses. The vulnerabilities stemmed from flaws in how the framework handled symbolic links and trusted paths during package installations. The researcher emphasized the need for more robust security measures, particularly in the context of third-party signed packages, and noted that the latest patch in macOS 15.3 aimed to prevent these exploits.
