Full Disclosure mailing list archives
SEC Consult SA-20260318-0 :: Multiple Privilege Escalation Vulnerabilities in Arturia Software Center MacOS
From: SEC Consult Vulnerability Lab via Fulldisclosure
Date: Wed, 18 Mar 2026 15:39:22 +0000
SEC Consult Vulnerability Lab Security Advisory < 20260318-0 > =================================================================...
Upon examination, it was found that the Arturia Software Center's "Privileged Helper" component does not validate client code signatures adequately, allowing any process to connect and trigger privileged actions (CVE-2026-24062). Additionally, when a plugin is installed using the Arturia Software Center, an uninstall.sh script with world writable permissions is created in a root-owned path. Manipulation of this script can lead to privilege escalation upon uninstallation (CVE-2026-24063). These v...