CVE-2024-34013
📋 TL;DR
This CVE describes a local privilege escalation vulnerability in Acronis True Image for macOS due to OS command injection. Attackers with local access can execute arbitrary commands with elevated privileges. Only macOS users running vulnerable versions of Acronis True Image are affected.
💻 Affected Systems
- Acronis True Image
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
🔒 Custom verification scripts are available for registered users. Sign up free to download automated test scripts.
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Complete system compromise where an attacker gains root privileges, installs persistent malware, accesses all user data, and potentially moves laterally to other systems.
Likely Case
Local attacker escalates privileges to install keyloggers, steal credentials, access protected files, or disable security controls.
If Mitigated
Attack limited to user-level access if proper privilege separation and application sandboxing are enforced.
🎯 Exploit Status
Requires local access to the system. Command injection vulnerabilities typically have low exploitation complexity once the injection point is identified.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Build 41396 or later
Vendor Advisory: https://security-advisory.acronis.com/advisories/SEC-7035
Restart Required: Yes
Instructions:
1. Open Acronis True Image. 2. Go to Help > Check for Updates. 3. Install update to build 41396 or later. 4. Restart the application and system if prompted.
🔧 Temporary Workarounds
Remove vulnerable application
macOSUninstall Acronis True Image until patched version can be installed
sudo /Applications/Acronis\ True\ Image.app/Contents/Helpers/uninstall.app/Contents/MacOS/uninstall
Restrict application execution
macOSUse macOS privacy controls to restrict Acronis True Image's permissions
🧯 If You Can't Patch
- Remove Acronis True Image from all affected macOS systems
- Implement strict privilege separation and monitor for suspicious process creation
🔍 How to Verify
Check if Vulnerable:
Check Acronis True Image version in application menu: Help > About. If build number is lower than 41396, system is vulnerable.Check Version:
defaults read /Applications/Acronis\ True\ Image.app/Contents/Info.plist CFBundleVersionVerify Fix Applied:
Verify build number is 41396 or higher in Help > About menu after update.📡 Detection & Monitoring
Log Indicators:
- Unusual process spawning from Acronis True Image
- Suspicious command execution with elevated privileges
- Failed privilege escalation attempts
Network Indicators:
- Unexpected outbound connections from Acronis processes
SIEM Query:
process_name:"Acronis True Image" AND (process_parent:"sudo" OR process_elevated:true)