CVE-2023-27529

7.8 HIGH

📋 TL;DR

This vulnerability in Wacom Tablet Driver installer for macOS allows arbitrary code execution with root privileges when a user is tricked into running a malicious script before the installer. Attackers can exploit improper link resolution to escalate privileges and take full control of affected systems. Users of Wacom tablets on macOS with outdated drivers are at risk.

💻 Affected Systems

Products:
  • Wacom Tablet Driver for macOS
Versions: prior to 6.4.2-1
Operating Systems: macOS
Default Config Vulnerable: ⚠️ Yes
Notes: Requires the user to execute a malicious script before running the installer (social engineering component).

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete system compromise with root-level persistence, data theft, ransomware deployment, or backdoor installation.

🟠

Likely Case

Local privilege escalation leading to unauthorized access to sensitive files and system resources.

🟢

If Mitigated

Limited impact if users have updated drivers and practice safe execution habits.

🌐 Internet-Facing: LOW - Requires local access and user interaction, not directly exploitable over network.
🏢 Internal Only: MEDIUM - Insider threats or compromised accounts could exploit this for privilege escalation.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires user interaction and specific timing (script must run before installer).

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 6.4.2-1 and later

Vendor Advisory: https://www.wacom.com/en-us/support/product-support/drivers

Restart Required: No

Instructions:

1. Visit the Wacom driver download page
2. Download the latest driver for macOS
3. Run the installer
4. Follow the installation prompts

🔧 Temporary Workarounds

Avoid untrusted scripts (applies to: all)

Do not execute scripts from untrusted sources, especially before running installers.

Use Gatekeeper restrictions (applies to: macOS)

Enable macOS Gatekeeper to block unsigned applications:

sudo spctl --master-enable

🧯 If You Can't Patch

  • Restrict user privileges to prevent script execution with elevated rights
  • Implement application whitelisting to block unauthorized installer execution

🔍 How to Verify

Check if Vulnerable:

Check the Wacom driver version in System Preferences > Wacom Tablet, or via the terminal (null-delimited so the space in "Application Support" is passed to xargs correctly): find /Library/Application\ Support/Tablet -name '*.plist' -print0 | xargs -0 grep -l 'Version'

Check Version:

grep -A1 CFBundleVersion /Library/Application\ Support/Tablet/*.plist 2>/dev/null | grep string

Verify Fix Applied:

Confirm the driver version is 6.4.2-1 or higher using the same method.

📡 Detection & Monitoring

Log Indicators:

  • Unusual process execution as root from user directories
  • Wacom installer execution preceded by script execution

Network Indicators:

  • None - local exploitation only

SIEM Query:

process where parent_process_name contains 'install' and (process_name='sh' or process_name='bash') and user='root'

(The shell-name test is parenthesised so that the 'or' does not override the parent and user conditions, and exact names are used because a 'contains' match on 'sh' would also return ssh, zsh and similar processes.)
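The two log indicators and the SIEM query above, implemented over constructed process events as an added example that is not part of the original advisory; the event fields, the 'install' parent-name heuristic and the five-minute window are assumptions:

```python
"""Detection logic for the two log indicators above, as an added example that is
not part of the original advisory. The event schema, the 'install' parent-name
heuristic and the 5-minute window are assumptions, not a vendor format."""
from dataclasses import dataclass

SHELLS = {"sh", "bash"}   # exact names: a 'contains "sh"' test would also match ssh, zsh, fish
WINDOW_SECONDS = 300      # assumed: a script run within 5 minutes before the installer


@dataclass(frozen=True)
class ProcEvent:
    ts: int           # epoch seconds
    pid: int
    name: str         # basename of the executable
    parent_name: str
    user: str
    cmdline: str


def root_shell_from_installer(events):
    """Indicator 1: a shell running as root whose parent looks like an installer.
    Legitimate .pkg postinstall scripts also run as root under installd, so
    review hits against expected software installs rather than alerting blindly."""
    return [e for e in events
            if e.user == "root" and e.name in SHELLS
            and "install" in e.parent_name.lower()]


def script_before_installer(events, window=WINDOW_SECONDS):
    """Indicator 2: a non-root shell (script) followed within `window` seconds by a
    Wacom installer launch; returns (script_event, installer_event) pairs."""
    installers = [e for e in events
                  if "install" in e.name.lower() and "wacom" in e.cmdline.lower()]
    return [(s, inst) for inst in installers for s in events
            if s.name in SHELLS and s.user != "root" and 0 <= inst.ts - s.ts <= window]


# Constructed sample events (not real telemetry).
SAMPLE = [
    ProcEvent(1000, 501, "bash", "Terminal", "alice", "bash ./prepare.sh"),
    ProcEvent(1120, 502, "Installer", "Finder", "alice", "Installer WacomTablet.pkg"),
    ProcEvent(1125, 503, "sh", "installd", "root", "/bin/sh /tmp/postinstall"),
    ProcEvent(1130, 504, "ssh", "bash", "alice", "ssh host"),       # not a shell
    ProcEvent(1135, 505, "bash", "Terminal", "root", "bash"),        # root, but parent is not an installer
]

if __name__ == "__main__":
    for e in root_shell_from_installer(SAMPLE):
        print(f"root shell under installer: pid={e.pid} parent={e.parent_name}")
    for s, inst in script_before_installer(SAMPLE):
        print(f"script pid={s.pid} ran {inst.ts - s.ts}s before installer pid={inst.pid}")
```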
