## https://sploitus.com/exploit?id=6DA6C5AD-EA59-55FD-B748-BB0D88E65687
# CVE-2024-55968
POC for DTEX LPE (CVE-2024-55968)

Affected product:
DEC-M (DTEX Forwarder) version 6.1.1. DTEX is a unified insider risk management platform.

Affected component:
DEC-M EventReportingService XPC Helper

Attack vector:
The DTEX Event Reporting Service ships a privileged XPC helper that does not validate connecting clients. A malicious actor can weaponize this logic vulnerability to escalate privileges locally on macOS by calling the submitQuery method of the DTConnectionHelperProtocol protocol over an unauthorized XPC connection.

## Description

The com.dtexsystems.helper service, responsible for handling privileged operations within the macOS DTEX Event Forwarder agent, fails to implement critical client validation during XPC inter-process communication (IPC). Specifically, the service does not verify the code requirements, entitlements, security flags, or version of any client attempting to establish a connection. This lack of proper logic validation allows malicious actors to exploit the service's methods via unauthorized client connections and escalate privileges to root.

## Discoverers/Credits

Paul Montgomery (@nullevent) and Waleed Barakat (@WilDN00B), TikTok Red Team

## References

https://www.dtexsystems.com/