CVE-2024-9062 – macOS Archify: Local Privilege Escalation

https://notcve.org/view.php?id=CVE-2024-9062

10 Jun 2025 — The Archify application contains a local privilege escalation vulnerability due to insufficient client validation in its privileged helper tool, com.oct4pie.archifyhelper, which is exposed via XPC. Archify follows the "factored applications" model, delegating privileged operations—such as arbitrary file deletion and file permission changes—to this helper running as root. However, the helper does not verify the code signature, entitlements, or signing flags of the connecting client. Although macOS provides s... • https://pentraze.com • CWE-306: Missing Authentication for Critical Function •