New MacOS Malware Abuses Disclosed Vulnerability that Apple Won't Fix
Last updated September 23, 2021
If you’re using a Wacom tablet on macOS, it’s time to update your driver to version 6.3.34, which resolves several severe security flaws affecting all previous versions. Cisco Talos researchers have discovered two privilege escalation vulnerabilities in the “Update Helper” tool, a utility that gets installed by default on macOS alongside the Wacom tablet driver. Tracked as CVE-2019-5012 and CVE-2019-5013, both flaws can be exploited by an attacker to gain root privileges, and thus execute commands and arbitrary code on the targeted machine. In both cases, the attacker would need local access to the machine for the exploitation to work.
Starting with CVE-2019-5012, it has a CVSSv3 score of 7.8 and concerns the “startProcess” functionality of the Update Helper utility. The researchers found some keys in the user dictionary that correspond to non-existent directories. If an attacker creates those directories, they are able to write to the root file system, as they are verified in BundleID. This flaw was actually discovered back in January, and Cisco followed up with notices every month, with Wacom acknowledging that a fix is underway by the end of April.
CVE-2019-5013 is assigned a lower CVSSv3 score of 7.1 but is nonetheless still capable of delivering chaos to the exploited system. Concerning the 'startLaunchDProcess' and 'stopLaunchDProcess' functionality of the Update Helper, this flaw is directly connected with the daemon that runs all the time, listening locally over XPC as root. By abusing the “launchctl” command of this module, an attacker could launch, stop, or even delete any agent they want on the target system. It practically gives the attacker root access over the “LaunchAgents” and “LaunchDaemons” without actually being an admin, so it’s more like a privilege bridge-crossing. Again, this flaw was discovered back in January, and again, Wacom acknowledged a fix by the end of April.
Wacom tablets are the world’s most popular graphic design tablets, capturing the lion’s share of the associated market. That said, and with the above vulnerabilities affecting all models of the manufacturer, this latest driver update is quite important. Known issues with the new driver include problems logging in to the computer from the Wacom device, keyboard coupling causing modifier keys to trigger, and the two-finger tap gesture not working. For instructions on how to deal with these issues temporarily, check out Wacom’s advice on their website.
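To find Macs still running a driver older than the fixed 6.3.34 release, the version check can be scripted. The following is an added example, not code from Wacom or Cisco Talos; it assumes the driver version is stored under `CFBundleShortVersionString` in an Info.plist whose path the operator supplies, and that versions may carry a build suffix such as `-2`.

```shell
#!/bin/sh
# Added example: flag Wacom driver installs older than the fixed release.
FIXED_VERSION="6.3.34"   # fixed version named in the article

# Print the dotted numeric core of a version string, dropping an assumed
# build suffix ("6.3.34-2" -> "6.3.34"). Prints nothing if malformed.
normalize_version() {
    core=${1%%-*}
    case "$core" in
        ''|*[!0-9.]*|.*|*.|*..*) return 0 ;;
    esac
    printf '%s\n' "$core"
}

# Return 0 if $1 < $2, comparing each dotted field as an integer so that
# 6.3.9 sorts below 6.3.34 (a plain string comparison gets this wrong).
version_lt() {
    a=$1 b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}
        [ "$a" = "$x" ] && a="" || a=${a#*.}
        [ "$b" = "$y" ] && b="" || b=${b#*.}
        x=${x:-0}; y=${y:-0}          # missing fields count as 0
        [ "$x" -lt "$y" ] && return 0
        [ "$x" -gt "$y" ] && return 1
    done
    return 1                          # equal
}

# Print "vulnerable", "patched" or "unknown" for an installed version.
classify_driver() {
    v=$(normalize_version "$1")
    if [ -z "$v" ]; then
        echo unknown
    elif version_lt "$v" "$FIXED_VERSION"; then
        echo vulnerable
    else
        echo patched
    fi
}

# Usage: sh check_wacom.sh /path/to/Info.plist
# The plist path is operator-supplied; the article does not give one.
if [ "$#" -gt 0 ]; then
    ver=$(/usr/libexec/PlistBuddy -c 'Print :CFBundleShortVersionString' "$1" 2>/dev/null || true)
    status=$(classify_driver "$ver")
    echo "$1: version=${ver:-?} status=$status"
    [ "$status" = patched ]           # non-zero exit unless patched
fi
```

The script exits non-zero for both `vulnerable` and `unknown`, so a fleet-management job can treat an unreadable plist as a host that still needs attention.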