CVE-2024-27357 is a local privilege escalation vulnerability identified in WithSecure Elements Agent, WithSecure Elements Client Security, and WithSecure MDR for macOS, affecting versions through 23.x. The vulnerability arises during the installation or update routines, which are typically executed by users with administrative privileges. Despite requiring administrative privileges and user interaction, the flaw allows an attacker to escalate privileges beyond the intended administrative level, potentially gaining higher system privileges. The vulnerability is classified under CWE-269 (Improper Privilege Management), indicating that the software fails to properly restrict privilege levels during critical operations. The CVSS 3.1 vector (AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N) reflects that the attack requires local access, low attack complexity, high privileges, and user interaction, with unchanged scope but high impact on confidentiality and integrity, and no impact on availability. No patches or exploits are currently publicly available, but the vulnerability poses a risk to environments where WithSecure macOS security products are deployed, particularly during administrative update or installation activities.

The vulnerability allows an attacker with administrative privileges and local access to escalate their privileges further, potentially gaining full control over the affected macOS system. This can lead to unauthorized access to sensitive data, modification or tampering of security controls, and undermining of the integrity of the security software itself. Although availability is not impacted, the compromise of confidentiality and integrity can facilitate further attacks, data breaches, or persistence mechanisms. Organizations relying on WithSecure security products on macOS may face increased risk of insider threats or exploitation by malicious actors who gain administrative access. The medium severity rating reflects the requirement for administrative privileges and user interaction, limiting remote exploitation but still posing a significant risk in environments with multiple administrators or shared access.

Organizations should monitor WithSecure’s official channels for patches addressing CVE-2024-27357 and apply updates promptly once available. Until patches are released, restrict administrative privileges to trusted personnel only and enforce strict access controls on macOS systems running affected WithSecure products. Limit the use of shared administrator accounts and require multi-factor authentication for administrative access to reduce the risk of privilege abuse. Implement robust logging and monitoring of installation and update activities to detect suspicious behavior. Consider deploying endpoint detection and response (EDR) solutions capable of identifying privilege escalation attempts. Additionally, conduct regular security audits of macOS systems and review the configuration of WithSecure products to ensure minimal exposure during update processes.