CVE-2024-23746
📋 TL;DR
CVE-2024-23746 is a local privilege escalation vulnerability in Miro Desktop for macOS that allows attackers to inject malicious code into the Electron application. This enables arbitrary code execution with the privileges of the Miro application, potentially leading to full system compromise. Only macOS users running Miro Desktop version 0.8.18 are affected.
💻 Affected Systems
- Miro Desktop
📦 What is this software?
Miro by Miro
⚠️ Risk & Real-World Impact
Worst Case
Full system compromise via privilege escalation to root, allowing installation of persistent malware, data theft, and complete control of the affected system.
Likely Case
Local attacker gains ability to execute arbitrary code with user privileges, potentially accessing sensitive data within Miro and other user-accessible resources.
If Mitigated
With proper application sandboxing and file permission controls, impact limited to Miro application data only.
🎯 Exploit Status
Exploit requires local access and involves multiple file manipulation steps including app bundle modification and ASAR archive manipulation.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Later than 0.8.18
Vendor Advisory: https://miro.com/about/
Restart Required: Yes
Instructions:
1. Open Miro Desktop application.
2. Go to Settings > About.
3. Check for updates and install latest version.
4. Restart the application.
🔧 Temporary Workarounds
Remove vulnerable version
macOS: Uninstall Miro Desktop 0.8.18 completely from the system
sudo rm -rf /Applications/Miro.app
rm -rf ~/Library/Application\ Support/Miro
Restrict application permissions
macOS: Use macOS Privacy controls to restrict Miro's file access permissions
🧯 If You Can't Patch
- Implement strict file permission controls on Miro application directories
- Monitor for suspicious file modifications in /Applications/Miro.app/Contents/
🔍 How to Verify
Check if Vulnerable:
Check Miro Desktop version: Open Miro, go to Settings > About, verify version is 0.8.18
Check Version:
defaults read /Applications/Miro.app/Contents/Info.plist CFBundleShortVersionString
Verify Fix Applied:
After update, verify version is newer than 0.8.18 in Settings > About
📡 Detection & Monitoring
Log Indicators:
- File modification events in /Applications/Miro.app/Contents/
- Process execution from modified Miro application bundle
Network Indicators:
- Unusual outbound connections from Miro process
SIEM Query:
source="macos" AND ((event_type="file_modification" AND file_path="/Applications/Miro.app/Contents/*") OR (process_name="Miro" AND parent_process!="launchd"))
🔗 References
- https://book.hacktricks.xyz/macos-hardening/macos-security-and-privilege-escalation/macos-proces-abuse/macos-electron-applications-injection
- https://github.com/louiselalanne/CVE-2024-23746
- https://miro.com/about/
- https://www.electronjs.org/blog/statement-run-as-node-cves