Privileged Action Exploit in Malwarebytes on macOS
CVE-2020-25533

7HIGH

Key Information:

Vendor: Malwarebytes
Status: Malwarebytes
Vendor: CVE Published:; 15 January 2021

🔔 Create Malwarebytes Vulnerability Alert

Badges

👾 Exploit Exists🟡 Public PoC

What is CVE-2020-25533?

A vulnerability has been identified in Malwarebytes prior to version 4.0 on macOS, where a malicious application can exploit the launch daemon. The privileged service's failure to properly validate XPC connections—by relying on process identifiers (PIDs) instead of audit tokens—creates an avenue for attackers. Using a race condition alongside crafted execution of posix_spawn, an attacker can manipulate the system to reuse a PID in a way that allows unauthorized privileged actions.

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2020-25533 - Proof of Concept

References

https://wojciechregula.blog/post/learn-xpc-exploitation-p...

x_refsource_MISC

CVSS V3.1

Score:

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

🟡
Public PoC available
Jan 15, 2021
👾
Exploit known to exist
Jan 15, 2021
Vulnerability published
Jan 15, 2021
Vulnerability Reserved
Sep 14, 2020

CVE-2020-25533 Data

JSON