CVE-2024-23742

9.8 CRITICAL

📋 TL;DR

This vulnerability in Loom on macOS allows remote attackers to execute arbitrary code by abusing the RunAsNode and enableNodeCliInspectArguments settings. The vendor disputes the "remote" characterization, stating that exploitation requires local access to the victim's machine. Affected users are those running Loom version 0.196.1 or earlier on macOS.

💻 Affected Systems

Products:
  • Loom
Versions: 0.196.1 and earlier
Operating Systems: macOS
Default Config Vulnerable: ⚠️ Yes
Notes: The vulnerability requires specific settings (RunAsNode and enableNodeCliInspectArguments) to be enabled, but these may be present in default configurations.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system compromise with remote code execution leading to data theft, ransomware deployment, or persistent backdoor installation.

🟠 Likely Case

Local privilege escalation or code execution if an attacker gains initial access to the system, potentially leading to lateral movement within the network.

🟢 If Mitigated

Limited impact with proper application sandboxing, network segmentation, and least privilege principles in place.

🌐 Internet-Facing: LOW
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

According to the vendor, exploitation requires local access; a public PoC nonetheless exists. The dispute centers on whether remote exploitation is feasible.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 0.196.2 or later

Vendor Advisory: https://www.electronjs.org/blog/statement-run-as-node-cves

Restart Required: Yes

Instructions:

1. Update Loom to version 0.196.2 or later.
2. Restart the application.
3. Verify the update was successful.

🔧 Temporary Workarounds

Disable vulnerable settings

Applies to: all

Disable the RunAsNode and enableNodeCliInspectArguments settings in the Loom configuration, then check Loom's settings to confirm these options are disabled.

🧯 If You Can't Patch

  • Restrict application execution to trusted users only.
  • Implement application sandboxing or containerization to limit potential damage.

🔍 How to Verify

Check if Vulnerable:

Check Loom version in application settings or About menu. If version is 0.196.1 or earlier, the system is vulnerable.

Check Version:

Open Loom, go to About Loom in the menu to see version.

Verify Fix Applied:

Confirm Loom version is 0.196.2 or later in application settings.
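The version checks above can be automated. The following is an added example, not part of the original advisory: it reads the bundle version from Loom's Info.plist and compares it against the fixed release (0.196.2) stated above. The bundle path `/Applications/Loom.app/Contents/Info.plist` is an assumption about a standard install; `CFBundleShortVersionString` is the standard macOS bundle version key. A constructed sample plist is embedded so the parsing logic runs offline.

```python
"""Check an installed Loom.app against the CVE-2024-23742 fixed version.

Added example (not from the original advisory). Assumes the standard macOS
bundle layout at /Applications/Loom.app; the 0.196.2 boundary comes from the
advisory's "Patch Version" field.
"""
import plistlib
from pathlib import Path
from typing import Optional, Tuple

FIXED_VERSION = "0.196.2"  # first patched release per the advisory
DEFAULT_PLIST = Path("/Applications/Loom.app/Contents/Info.plist")  # assumed install path

# Constructed sample Info.plist (not a real Loom bundle), used for offline runs/tests.
SAMPLE_PLIST = b"""<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>CFBundleName</key>
    <string>Loom</string>
    <key>CFBundleShortVersionString</key>
    <string>0.196.1</string>
</dict>
</plist>
"""


def parse_version(version: str) -> Tuple[int, ...]:
    """Turn '0.196.1' into (0, 196, 1).

    A non-numeric suffix on a component (e.g. '1-beta') is dropped so that
    pre-release tags do not break the numeric comparison.
    """
    parts = []
    for piece in version.strip().split("."):
        digits = ""
        for ch in piece:
            if not ch.isdigit():
                break
            digits += ch
        parts.append(int(digits) if digits else 0)
    return tuple(parts)


def is_vulnerable(version: str) -> bool:
    """True when the installed version is older than the fixed release (0.196.1 or earlier)."""
    return parse_version(version) < parse_version(FIXED_VERSION)


def parse_info_plist(data: bytes) -> Optional[str]:
    """Extract CFBundleShortVersionString from raw Info.plist bytes; None if absent or unparsable."""
    try:
        info = plistlib.loads(data)
    except plistlib.InvalidFileException:
        return None
    return info.get("CFBundleShortVersionString")


def read_bundle_version(plist_path: Path = DEFAULT_PLIST) -> Optional[str]:
    """Read the bundle version from disk; None if the bundle is not installed."""
    try:
        return parse_info_plist(plist_path.read_bytes())
    except FileNotFoundError:
        return None


def assess(plist_path: Path = DEFAULT_PLIST) -> str:
    """Human-readable verdict for the bundle at plist_path."""
    version = read_bundle_version(plist_path)
    if version is None:
        return "Loom not found at %s" % plist_path
    status = "VULNERABLE to CVE-2024-23742 (update to 0.196.2 or later)" if is_vulnerable(version) else "patched"
    return "Loom %s: %s" % (version, status)


if __name__ == "__main__":
    # On a machine with Loom installed this reads the real bundle; otherwise
    # it reports that the bundle was not found.
    print(assess())
    print("sample plist ->", assess.__doc__ and parse_info_plist(SAMPLE_PLIST))
```

`assess()` is what you would run on each endpoint (for example via an MDM script); the tuple comparison treats a bare `0.196` as older than `0.196.2`, which is the conservative reading.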

📡 Detection & Monitoring

Log Indicators:

  • Unusual process execution from Loom
  • Unexpected network connections from the Loom process

Network Indicators:

  • Suspicious outbound connections from Loom to unknown IPs

SIEM Query:

Process creation where parent process is Loom and command line contains suspicious arguments
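The SIEM rule above is stated in prose; the following is an added example, not part of the original advisory, that expresses it as detection logic run over constructed process-creation records. The record layout (`pid`, `process`, `parent`, `cmdline`, `env`) and all sample events are constructed for the example. The "suspicious arguments" it looks for are the Node inspector switches that the enableNodeCliInspectArguments setting governs and the `ELECTRON_RUN_AS_NODE` environment variable that the RunAsNode setting governs; the list of unexpected child interpreters is the example's own choice.

```python
"""Detection logic for "process creation where parent is Loom and the command
line contains suspicious arguments", run over constructed sample events.

Added example (not from the original advisory). Field names and sample
records are constructed; the flag and variable names are the Node/Electron
debugging controls behind the two settings the advisory names.
"""
import json
import shlex
from typing import Dict, List

# Node inspector switches controlled by the enableNodeCliInspectArguments setting.
INSPECT_FLAGS = {"--inspect", "--inspect-brk", "--inspect-port", "--remote-debugging-port"}
# Environment variable controlled by the RunAsNode setting.
RUN_AS_NODE_ENV = "ELECTRON_RUN_AS_NODE"
# Interpreters a screen-recording app has no routine reason to spawn (example choice).
UNEXPECTED_CHILDREN = {"sh", "bash", "zsh", "osascript", "python3", "curl"}

# Constructed JSON-lines process-creation events (not real telemetry).
SAMPLE_EVENTS = """\
{"pid": 501, "process": "/Applications/Loom.app/Contents/Frameworks/Loom Helper (Renderer).app/Contents/MacOS/Loom Helper (Renderer)", "parent": "/Applications/Loom.app/Contents/MacOS/Loom", "cmdline": "'Loom Helper (Renderer)' --type=renderer", "env": {}}
{"pid": 502, "process": "/Applications/Loom.app/Contents/MacOS/Loom", "parent": "/bin/zsh", "cmdline": "Loom --inspect=9229 /tmp/script.js", "env": {"ELECTRON_RUN_AS_NODE": "1"}}
{"pid": 503, "process": "/bin/zsh", "parent": "/Applications/Loom.app/Contents/MacOS/Loom", "cmdline": "zsh -c 'id'", "env": {}}
{"pid": 504, "process": "/System/Applications/Utilities/Terminal.app/Contents/MacOS/Terminal", "parent": "/sbin/launchd", "cmdline": "Terminal", "env": {}}
"""


def basename(path: str) -> str:
    return path.rsplit("/", 1)[-1]


def involves_loom(path: str) -> bool:
    """Match the main binary and its helper processes by image name."""
    return "loom" in basename(path).lower()


def inspect_args(cmdline: str) -> List[str]:
    """Return the inspector switches present in a command line ('--inspect=9229' -> '--inspect')."""
    try:
        tokens = shlex.split(cmdline)
    except ValueError:  # unbalanced quotes in the logged command line
        tokens = cmdline.split()
    found = {tok.split("=", 1)[0] for tok in tokens}
    return sorted(found & INSPECT_FLAGS)


def evaluate(event: dict) -> List[str]:
    """Apply the rule to one event and return the reasons it fired (empty list if clean)."""
    reasons: List[str] = []
    proc_is_loom = involves_loom(event["process"])
    parent_is_loom = involves_loom(event["parent"])
    if proc_is_loom or parent_is_loom:
        flags = inspect_args(event.get("cmdline", ""))
        if flags:
            reasons.append("inspect-flags:" + ",".join(flags))
        if RUN_AS_NODE_ENV in event.get("env", {}):
            reasons.append("run-as-node-env")
    if parent_is_loom and basename(event["process"]) in UNEXPECTED_CHILDREN:
        reasons.append("unexpected-child:" + basename(event["process"]))
    return reasons


def scan(jsonl: str) -> Dict[int, List[str]]:
    """Run the rule over JSON-lines events; map pid -> reasons for every hit."""
    findings: Dict[int, List[str]] = {}
    for line in jsonl.splitlines():
        if not line.strip():
            continue
        event = json.loads(line)
        reasons = evaluate(event)
        if reasons:
            findings[event["pid"]] = reasons
    return findings


if __name__ == "__main__":
    for pid, reasons in scan(SAMPLE_EVENTS).items():
        print("ALERT pid=%d: %s" % (pid, "; ".join(reasons)))
```

The ordinary renderer helper (pid 501) passes, so the rule does not fire on Loom's normal multi-process startup; the `--inspect` launch with `ELECTRON_RUN_AS_NODE` set (pid 502) and the shell spawned by Loom (pid 503) are the two hits. In a real SIEM, the same three conditions map onto process-image, command-line and environment fields of your EDR's process-creation event.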
