CVE-2026-24063: CWE-276 Incorrect default permissions in Arturia Software Center
When a plugin is installed using the Arturia Software Center (macOS), it also installs an uninstall.sh bash script in a root-owned path. This script is written to disk with file permissions 777, meaning it is writable by any user. When a plugin is uninstalled via the Arturia Software Center, the Privileged Helper is instructed to execute this script. If an attacker has modified the bash script, this leads to privilege escalation.
AI Analysis
Technical Summary
CVE-2026-24063 is a security vulnerability identified in the Arturia Software Center version 2.12.0.3157 for macOS. The core issue is an incorrect default permission setting (CWE-276) on an uninstall.sh bash script installed by the software. This script is placed in a root-owned directory but is assigned file permissions of 777, making it writable by any user on the system. During the uninstallation of a plugin, the software’s privileged helper component executes this uninstall.sh script with elevated privileges. Because the script is writable by any user, an attacker with local access can modify it to include malicious commands. When the privileged helper runs the manipulated script, the attacker’s code executes with root privileges, resulting in privilege escalation. This vulnerability does not require user interaction beyond local access and does not currently have a CVSS score or known exploits in the wild. The vulnerability highlights a common security misconfiguration where critical scripts are exposed to unauthorized modification, enabling attackers to escalate privileges on the affected system. The lack of a patch link suggests that a fix may not yet be publicly available, increasing the urgency for mitigation through configuration changes or vendor updates once released.
Potential Impact
If exploited, this vulnerability allows an attacker with local user access to gain root-level privileges on the affected macOS system. This can lead to full system compromise, including unauthorized access to sensitive data, installation of persistent malware, disabling of security controls, and lateral movement within the network. Organizations using Arturia Software Center on macOS, particularly in environments where multiple users share systems or where local user accounts are not tightly controlled, face significant risk. The vulnerability undermines system integrity and confidentiality and can disrupt availability if malicious scripts are used to damage or disable system components. Although no public exploits are known, the ease of exploitation due to world-writable permissions and the execution by a privileged helper make this a high-risk issue. Attackers could leverage this vulnerability to establish persistent, stealthy footholds on targeted systems.
Mitigation Recommendations
Organizations should immediately audit the file permissions of uninstall.sh and any similar scripts installed by the Arturia Software Center. Permissions should be restricted to root-only write access (e.g., 700 or 755) to prevent unauthorized modification. Until an official patch is released, consider removing or renaming the uninstall.sh script if uninstallation is not required, or restrict execution rights to trusted administrators only. Employ macOS security features such as System Integrity Protection (SIP) to limit the ability of users to modify system files. Monitor systems for unexpected changes to scripts in root-owned directories and implement file integrity monitoring. Limit local user privileges to reduce the risk of exploitation and ensure that only trusted users have access to systems running this software. Stay alert for vendor updates or patches addressing this vulnerability and apply them promptly once available.
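One way to run the permission audit recommended above, as an added example (not code from Arturia or from this advisory). The advisory does not name the install path, so the search root is an argument; the function names are this example's own, and the parent-directory check goes slightly beyond the 777 file case the page describes.

```shell
#!/bin/sh
# Added example. ROOT is the directory to search; the advisory does not name
# the install path, so it is an argument here, not a known location.

# list_writable ROOT [NAME]: files named NAME (default uninstall.sh) whose
# mode lets group or others write to them (the 777 case described above).
list_writable() {
    find "$1" -type f -name "${2:-uninstall.sh}" \
        \( -perm -0002 -o -perm -0020 \) -print 2>/dev/null
}

# count_writable ROOT [NAME]: number of findings, for use in monitoring checks.
count_writable() {
    list_writable "$@" | wc -l | tr -d ' '
}

# list_swappable ROOT [NAME]: scripts whose parent directory is group- or
# world-writable without the sticky bit, so the file can be replaced
# regardless of its own mode.
list_swappable() {
    find "$1" -type f -name "${2:-uninstall.sh}" -print 2>/dev/null |
    while IFS= read -r f; do
        d=$(dirname "$f")
        hit=$(find "$d" -maxdepth 0 \( -perm -0002 -o -perm -0020 \) \
                  ! -perm -1000 -print 2>/dev/null)
        if [ -n "$hit" ]; then printf '%s\n' "$f"; fi
    done
}

# harden ROOT [NAME]: drop group/other write bits on every finding.
# Needs root when the files are root-owned.
harden() {
    list_writable "$@" | while IFS= read -r f; do
        chmod go-w "$f" && printf 'fixed: %s\n' "$f"
    done
}

# Stand-alone use: sh audit.sh <search-root>   (report only, changes nothing)
if [ "$#" -ge 1 ]; then
    echo "Group/world-writable scripts:"; list_writable "$1"
    echo "Scripts in writable directories:"; list_swappable "$1"
fi
```

Because the script is written to disk when a plugin is installed, rerun the audit after every plugin install or update until a fixed release is available.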
Affected Countries
United States, Germany, France, United Kingdom, Japan, Canada, Australia, South Korea, China, Netherlands
Technical Details
- Data Version: 5.2
- Assigner Short Name: SEC-VLab
- Date Reserved: 2026-01-21T11:29:19.853Z
- Cvss Version: null
- State: PUBLISHED
Threat ID: 69bac82e771bdb1749ab0136
Added to database: 3/18/2026, 3:43:42 PM
Last enriched: 3/18/2026, 4:00:34 PM
Last updated: 3/19/2026, 6:53:14 AM