CVE-2024-55504: An issue in RAR Extractor - Unarchiver Free and Pro v.6.4.0 allows local attackers to inject arbitrary code potentially leading to remote control...

Description

An issue in RAR Extractor - Unarchiver Free and Pro v.6.4.0 allows local attackers to inject arbitrary code, potentially leading to remote control and unauthorized access to sensitive user data, via the exploit_combined.dylib component on macOS.

Classification

CVE ID: CVE-2024-55504

Affected Products

Vendor: n/a

Product: n/a

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.05% (probability of being exploited)

EPSS Percentile: 18.04% (share of scored CVEs with an EPSS score less than or equal to this one)

EPSS Date: 2025-02-19 (date this score was calculated)

References

https://apps.apple.com/us/app/rar-extractor-unarchiver-pro/id647505820?mt=12
https://github.com/Audit00r/RAR-Extractor-Unarchiver-Pro-Dylib-injection
https://github.com/SyFi/CVE-2024-55504

Timeline