FKIE_CVE-2026-24071

Vulnerability from fkie_nvd - Published: 2026-02-02 14:16 - Updated: 2026-02-11 20:39
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
Summary
It was found that the XPC service offered by the privileged helper of Native Access uses the PID of the connecting client to verify its code signature. This is considered insecure and can be exploited by PID reuse attacks. The connection handler function uses _xpc_connection_get_pid(arg2) as argument for the hasValidSignature function. This value can not be trusted since it is vulnerable to PID reuse attacks.
References
551230f0-3615-47bd-b7cc-93e92e730bbfhttps://sec-consult.com/vulnerability-lab/advisory/multiple-vulnerabilities-in-native-instruments-native-access-macos/Exploit, Third Party Advisory
Impacted products
Vendor Product Version
native-instruments native_access *
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:native-instruments:native_access:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2D0299D5-FF09-4EE2-8F1D-E2FC624D27DB",
              "versionEndIncluding": "3.22.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "It was found that the XPC service offered by the privileged helper of Native Access  uses the PID of the connecting client to verify its code signature. This is considered insecure and can be exploited by PID reuse attacks.\u00a0The connection handler function uses _xpc_connection_get_pid(arg2) as argument for the hasValidSignature function. This value can not be trusted since it is vulnerable to PID reuse attacks."
    },
    {
      "lang": "es",
      "value": "Se descubri\u00f3 que el servicio XPC ofrecido por el asistente privilegiado de Native Access utiliza el PID del cliente que se conecta para verificar su firma de c\u00f3digo. Esto se considera inseguro y puede ser explotado por ataques de reutilizaci\u00f3n de PID. La funci\u00f3n manejadora de conexi\u00f3n utiliza _xpc_connection_get_pid(arg2) como argumento para la funci\u00f3n hasValidSignature. Este valor no es de confianza ya que es vulnerable a ataques de reutilizaci\u00f3n de PID."
    }
  ],
  "id": "CVE-2026-24071",
  "lastModified": "2026-02-11T20:39:27.763",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.1,
        "impactScore": 6.0,
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary"
      }
    ]
  },
  "published": "2026-02-02T14:16:35.753",
  "references": [
    {
      "source": "551230f0-3615-47bd-b7cc-93e92e730bbf",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://sec-consult.com/vulnerability-lab/advisory/multiple-vulnerabilities-in-native-instruments-native-access-macos/"
    }
  ],
  "sourceIdentifier": "551230f0-3615-47bd-b7cc-93e92e730bbf",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-367"
        }
      ],
      "source": "551230f0-3615-47bd-b7cc-93e92e730bbf",
      "type": "Secondary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.