CVE-2024-23347
📋 TL;DR
Meta Spark Studio versions before v176 automatically execute scripts defined in a project's package.json when the project is opened, so opening an attacker-supplied project runs attacker-controlled code with the privileges of the Spark Studio user. Anyone who opens untrusted projects in Meta Spark Studio is affected.
💻 Affected Systems
- Meta Spark Studio
📦 What is this software?
⚠️ Risk & Real-World Impact
Worst Case
Arbitrary code execution with the privileges of the user running Meta Spark Studio, letting an attacker install malware, steal data, or establish persistent access on the workstation.
Likely Case
Attackers trick a user into opening a malicious project; the script it carries runs on open to steal credentials or install ransomware.
If Mitigated
Limited impact if users only open trusted projects from verified sources.
🎯 Exploit Status
Exploitation requires user interaction to open a malicious project file.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: v176 and later
Vendor Advisory: https://www.facebook.com/security/advisories/cve-2024-23347
Restart Required: Yes
Instructions:
1. Open Meta Spark Studio.
2. Check for updates in the Help menu.
3. Install v176 or later.
4. Restart the application.
🔧 Temporary Workarounds
Avoid untrusted projects
Only open projects from trusted sources until patched. If a project from an unverified source must be opened, inspect it first for a package.json that defines scripts, since those are what the vulnerable versions run on open.
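As an added check for this workaround (example code written for this page, not from the advisory or from Meta): a script that walks a project directory and lists every script defined in any package.json before the project is opened in Spark Studio. It treats the npm lifecycle hooks (preinstall, install, postinstall, prepare and relatives, which npm runs on its own during an install) as the entries that would execute without any further user action. The sample project it builds is constructed for the demonstration.

```python
"""Triage a project directory for package.json scripts before opening it.

Added example, not Meta's code. It walks the project tree, parses every
package.json it finds (including any vendored node_modules), and lists the
"scripts" entries, flagging npm lifecycle hooks that npm runs on its own
during an install. The sample project below is constructed inline.
"""
import json
import os
import tempfile

# npm lifecycle hooks that run without the user naming a script explicitly.
LIFECYCLE_HOOKS = {
    "preinstall", "install", "postinstall",
    "prepublish", "preprepare", "prepare", "postprepare",
}


def find_package_scripts(root):
    """Return (relative manifest path, script name, command) for every script under root."""
    findings = []
    for dirpath, _dirnames, filenames in os.walk(root):
        if "package.json" not in filenames:
            continue
        path = os.path.join(dirpath, "package.json")
        rel = os.path.relpath(path, root).replace(os.sep, "/")
        try:
            with open(path, encoding="utf-8") as fh:
                manifest = json.load(fh)
        except (OSError, ValueError):
            # A manifest that cannot be parsed is itself worth a look.
            findings.append((rel, "<unparseable>", ""))
            continue
        scripts = manifest.get("scripts") if isinstance(manifest, dict) else None
        if scripts is None:
            continue
        if not isinstance(scripts, dict):
            findings.append((rel, "<malformed scripts>", ""))
            continue
        for name, cmd in scripts.items():
            findings.append((rel, str(name), str(cmd)))
    return findings


def lifecycle_findings(findings):
    """Keep only the hooks npm would execute automatically."""
    return [f for f in findings if f[1] in LIFECYCLE_HOOKS]


def build_sample_project():
    """Constructed sample: a root manifest with a postinstall hook plus a harmless nested one."""
    root = tempfile.mkdtemp(prefix="spark-triage-")
    with open(os.path.join(root, "package.json"), "w", encoding="utf-8") as fh:
        json.dump({
            "name": "demo-effect",
            "scripts": {"postinstall": "node ./setup.js", "build": "webpack"},
        }, fh)
    os.makedirs(os.path.join(root, "assets"))
    with open(os.path.join(root, "assets", "package.json"), "w", encoding="utf-8") as fh:
        json.dump({"name": "assets", "scripts": {"test": "jest"}}, fh)
    return root


if __name__ == "__main__":
    project = build_sample_project()
    for rel, name, cmd in find_package_scripts(project):
        flag = "AUTO-RUN" if name in LIFECYCLE_HOOKS else "manual"
        print(f"{flag:8} {rel}: {name} -> {cmd}")
```

Run it against the unpacked project directory instead of the constructed sample; any AUTO-RUN line is a reason not to open the project on a vulnerable build.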
🧯 If You Can't Patch
- Discontinue use of Meta Spark Studio until patched.
- Use in isolated virtual machine environment.
🔍 How to Verify
Check if Vulnerable:
Check the Meta Spark Studio version in Help > About. If the version is below 176, the installation is vulnerable.
Check Version:
Not applicable - check via application GUI.
Verify Fix Applied:
Confirm version is 176 or higher in Help > About.
📡 Detection & Monitoring
Log Indicators:
- Unexpected process execution from Meta Spark Studio
- Script execution from package.json files
Network Indicators:
- Unusual outbound connections from Meta Spark Studio process
SIEM Query:
Process-creation events (for example Sysmon Event ID 1 or Windows Security Event 4688, or the equivalent macOS endpoint telemetry) where the parent image name contains 'spark' and the child image is a shell or script interpreter (cmd.exe, powershell.exe, sh, bash, node, npm) or the command line references package.json. Treat hits as triage leads and review the command line together with the project that was open at the time.
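A runnable form of that query, added here as an example rather than taken from the advisory or from Meta: it parses Sysmon-style process-creation events as JSON lines (EventID, ParentImage, Image, CommandLine; the field names depend on your collector and are an assumption) and flags children of a Spark Studio process that are interpreters or whose command line mentions package.json. The events and the install paths in them are constructed.

```python
"""Flag Meta Spark Studio spawning interpreters in process-creation telemetry.

Added example, not from the advisory or Meta. Reads JSON-lines events in a
Sysmon-like shape (EventID, ParentImage, Image, CommandLine; field names are an
assumption about the collector) and reports children of a Spark Studio process
that are shells or script interpreters, or whose command line mentions
package.json. The log below is constructed inline.
"""
import json

INTERPRETERS = {
    "cmd.exe", "powershell.exe", "pwsh.exe", "wscript.exe", "cscript.exe",
    "node.exe", "node", "npm", "npm.cmd", "npx", "sh", "bash", "zsh",
    "osascript", "python", "python3",
}


def basename(path):
    """Lower-cased final path component, accepting Windows or POSIX separators."""
    return path.replace("\\", "/").rsplit("/", 1)[-1].lower()


def is_suspicious(event):
    """True when a Spark Studio parent launches an interpreter or references package.json."""
    parent = basename(event.get("ParentImage", ""))
    if "spark" not in parent:
        return False
    child = basename(event.get("Image", ""))
    cmdline = event.get("CommandLine", "").lower()
    return child in INTERPRETERS or "package.json" in cmdline


def scan(log_text):
    """Return (line number, child basename, command line) for each flagged event."""
    hits = []
    for lineno, line in enumerate(log_text.splitlines(), start=1):
        if not line.strip():
            continue
        try:
            event = json.loads(line)
        except ValueError:
            continue  # not JSON; a real pipeline would count these
        if event.get("EventID") != 1:  # Sysmon 1 = process creation
            continue
        if is_suspicious(event):
            hits.append((lineno, basename(event.get("Image", "")), event.get("CommandLine", "")))
    return hits


# Assumed install locations, used only to build the sample events.
SPARK_WIN = r"C:\Program Files\Meta Spark Studio\Meta Spark Studio.exe"
SPARK_MAC = "/Applications/Meta Spark Studio.app/Contents/MacOS/Meta Spark Studio"

# Constructed sample telemetry: lines 1 and 4 should fire, the rest should not.
SAMPLE_LOG = "\n".join(json.dumps(e) for e in [
    {"EventID": 1, "ParentImage": SPARK_WIN,
     "Image": r"C:\Windows\System32\cmd.exe",
     "CommandLine": r"cmd.exe /c node .\setup.js"},
    {"EventID": 1, "ParentImage": SPARK_WIN,
     "Image": r"C:\Program Files\Meta Spark Studio\helper.exe",  # placeholder helper
     "CommandLine": "helper.exe --child"},
    {"EventID": 1, "ParentImage": r"C:\Windows\explorer.exe",
     "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "CommandLine": "powershell.exe"},
    {"EventID": 1, "ParentImage": SPARK_MAC,
     "Image": "/bin/sh",
     "CommandLine": "/bin/sh -c npm install"},
    {"EventID": 3, "ParentImage": SPARK_MAC,  # network event, not process creation
     "Image": SPARK_MAC, "DestinationIp": "203.0.113.10"},
])

if __name__ == "__main__":
    for lineno, child, cmdline in scan(SAMPLE_LOG):
        print(f"line {lineno}: spark -> {child}: {cmdline}")
```

The parent match is deliberately loose ('spark' anywhere in the image name) so that Windows and macOS binaries both match; tighten it to the actual install path in your environment once you know it, and feed the flagged command lines back to the pre-open package.json check.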