CVE-2024-55504
📋 TL;DR
This vulnerability allows local attackers to execute arbitrary code via a malicious dynamic library (dylib) injection in RAR Extractor - Unarchiver Free and Pro version 6.4.0 on macOS. Attackers can potentially gain remote control and access sensitive user data. Only macOS users running the vulnerable version are affected.
💻 Affected Systems
- RAR Extractor - Unarchiver Free
- RAR Extractor - Unarchiver Pro
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Complete system compromise leading to data theft, ransomware deployment, or persistent backdoor installation.
Likely Case
Local privilege escalation allowing attackers to access user files and install additional malware.
If Mitigated
Limited impact if application runs with minimal privileges and proper sandboxing is enforced.
🎯 Exploit Status
Exploit requires local access to place malicious dylib and trigger execution through the vulnerable application.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Unknown
Vendor Advisory: Not available
Restart Required: No
Instructions:
1. Check for updates in the Mac App Store.
2. If no update is available, consider uninstalling the application until a patch is released.
🔧 Temporary Workarounds
Uninstall vulnerable application
macOS: Remove RAR Extractor - Unarchiver Free/Pro v6.4.0 from your system
sudo rm -rf /Applications/RAR\ Extractor\ -\ Unarchiver\ Free.app
sudo rm -rf /Applications/RAR\ Extractor\ -\ Unarchiver\ Pro.app
Restrict application execution
macOS: Use macOS Gatekeeper or parental controls to prevent execution of the vulnerable application. Make sure Gatekeeper assessments are enabled (--master-disable would turn them off):
sudo spctl --master-enable
Then use System Preferences > Security & Privacy > General to block the application
🧯 If You Can't Patch
- Run the application in a sandboxed environment with minimal privileges
- Monitor for suspicious dylib loading events using macOS security tools
🔍 How to Verify
Check if Vulnerable:
Check application version in Finder by right-clicking the app > Get Info, or check in the Mac App Store purchase history
Check Version:
mdls -name kMDItemVersion /Applications/RAR\ Extractor\ -\ Unarchiver*.app 2>/dev/null || echo 'Application not found'
Verify Fix Applied:
Verify the application is no longer installed or has been updated to a version newer than 6.4.0
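The version check above can be scripted across both editions. The following is an added example, not a vendor or database script: it reads CFBundleShortVersionString from each matching bundle's Info.plist and reports whether it is newer than 6.4.0. Treating versions older than 6.4.0 as "not-newer" rather than safe is an assumption, since the page names only 6.4.0.

```python
import plistlib
from pathlib import Path

AFFECTED_VERSION = (6, 4, 0)                 # version named on this page
NAME_PREFIX = "RAR Extractor - Unarchiver"   # matches the Free and Pro bundles

def parse_version(text):
    """Turn '6.4.0' into (6, 4, 0); non-numeric parts count as 0."""
    parts = [int(p) if p.isdigit() else 0 for p in text.strip().split(".")]
    return tuple(parts + [0] * (3 - len(parts)))

def classify(version_text):
    """'newer' only when strictly above 6.4.0, as the verify step requires."""
    if not version_text:
        return "unknown"
    newer = parse_version(version_text) > AFFECTED_VERSION
    return "newer" if newer else "not-newer"

def audit(apps_dir="/Applications"):
    """Return {bundle name: (version, status)} for matching app bundles."""
    results = {}
    for bundle in sorted(Path(apps_dir).glob(NAME_PREFIX + "*.app")):
        plist = bundle / "Contents" / "Info.plist"
        try:
            with plist.open("rb") as fh:
                info = plistlib.load(fh)
            version = str(info.get("CFBundleShortVersionString", ""))
        except Exception:
            # Missing, unreadable or malformed plist: report as unknown
            version = ""
        results[bundle.name] = (version, classify(version))
    return results

if __name__ == "__main__":
    found = audit()
    if not found:
        print("Application not found")
    for name, (version, status) in found.items():
        print(f"{name}: {version or '?'} -> {status}")
```

A bundle reported as "unknown" has no readable version and should be checked by hand with Get Info.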
📡 Detection & Monitoring
Log Indicators:
- Unusual dylib loading events in system.log
- Application crash reports related to RAR Extractor
Network Indicators:
- Unexpected outbound connections from the RAR Extractor process
SIEM Query:
process.name:"RAR Extractor" AND event.action:"library-loaded" AND library.path:("*.dylib")