Privilege escalation in Google Drive for Desktop on MacOS
CVE-2022-3421

5.6MEDIUM

Key Information:

Vendor: Google
Status: Drive For Desktop Mac OS
Vendor: CVE Published:; 17 October 2022

What is CVE-2022-3421?

An attacker can pre-create the /Applications/Google\ Drive.app/Contents/MacOS directory which is expected to be owned by root to be owned by a non-root user. When the Drive for Desktop installer is run for the first time, it will place a binary in that directory with execute permissions and set its setuid bit. Since the attacker owns the directory, the attacker can replace the binary with a symlink, causing the installer to set the setuid bit on the symlink. When the symlink is executed, it will run with root permissions. We recommend upgrading past version 64.0

Affected Version(s)

Drive for Desktop MacOS < 64.0

References

https://support.google.com/a/answer/7577057?hl=en

CVSS V3.1

Score:

5.6

Severity:

MEDIUM

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 17, 2022
Vulnerability Reserved
Oct 7, 2022