## https://sploitus.com/exploit?id=31B16C32-8C7A-56D3-AE49-3071904173B5
# CVE-2024-55968
LPE Exploit POC for CVE-2024-55968
## Vulnerablity Description
The com.dtexsystems.helper service, responsible for handling privileged operations within the macOS DTEX Event Forwarder agent, fails to implement critical client validation during XPC inter-process communication (IPC). Specifically, the service does not verify the code requirements, entitlements, security flags, or version of any client attempting to establish a connection. This lack of proper logic validation allows malicious actors to exploit the service's methods via unauthorized client connections and escalate privileges to root.
## Affected Version
DEC-M (DTEX Forwarder) 6.1.1
## Affected Componant
DEC-M EventReportingService XPC Helper
## Attack Vector
The DTEX Event Reporting Service was found with a privileged XPC helper that doesn't implement validation. A malicious actor can weaponize this logic vulnerability to locally escalate user privileges on macOS via abusing the DTConnectionHelperProtocol protocol's submitQuery method over an unauthorized XPC connection.
## Credits
Paul Montgomery (@nullevent) and Waleed Barakat (@WilDN00B), TikTok Red Team
## Refferences
https://www.dtexsystems.com/