CVE-2024-11468
Published: 04 February 2025
Description
Omnissa Horizon Client for macOS contains a Local privilege escalation (LPE) Vulnerability due to a flaw in the installation process. Successful exploitation of this issue may allow attackers with user privileges to escalate their privileges to root on the system where the Horizon Client for macOS is installed.
Security Summary
Omnissa Horizon Client for macOS is affected by CVE-2024-11468, a local privilege escalation vulnerability arising from a flaw in the installation process. This issue, tracked under CWE-276, carries a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H) and was published on 2025-02-04.
Local attackers with user-level privileges on the affected macOS system can exploit this vulnerability to escalate to root privileges. Successful exploitation enables high-impact compromise of confidentiality, integrity, and availability, potentially granting full system control where the Horizon Client is installed.
Mitigation guidance and patches are detailed in Omnissa security advisory OMSA-2024-0002, available at https://static.omnissa.com/sites/default/files/OMSA-2024-0002.pdf, along with additional information on the Omnissa security response page at https://www.omnissa.com/omnissa-security-response/.
Details
- CWE(s)