CVE-2024-14032
Privilege Escalation in Twitch Studio via Unprotected XPC Service
Publication date: 2026-04-06
Last updated on: 2026-04-14
Assigner: VulnCheck
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| twitch | twitch_studio | to 0.114.8 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-862 | The product does not perform an authorization check when an actor attempts to access a resource or perform an action. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2024-14032 is a privilege escalation vulnerability in Twitch Studio version 0.114.8 and earlier. It exists in the privileged helper tool called LauncherHelper, which runs with root privileges and communicates via Apple's XPC mechanism.
The vulnerability arises because the helper tool lacks proper authorization checks on its XPC service, allowing local attackers with limited privileges to invoke the installFromPath:toPath:withReply: method.
This method lets attackers overwrite system files and privileged binaries by moving or replacing files as root without any security validation, enabling arbitrary code execution with root privileges and full system compromise.
Twitch Studio was discontinued in May 2024, and the vulnerability remains unpatched.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The vulnerability allows local attackers to escalate privileges to root, enabling arbitrary code execution and full system compromise by overwriting system files and privileged binaries.
Such a compromise could lead to unauthorized access, modification, or destruction of sensitive data, which may violate data protection requirements under standards like GDPR and HIPAA.
However, the provided information does not explicitly discuss the direct impact on compliance with these regulations.
How can this vulnerability impact me? :
Exploiting this vulnerability allows a local attacker with limited privileges to gain root-level access on the affected system.
An attacker can overwrite critical system files and privileged binaries, leading to arbitrary code execution as root.
This results in full system compromise, including the ability to modify system configurations, install persistent backdoors, or escalate privileges for further attacks.
Since Twitch Studio is discontinued and unpatched, systems with the helper tool installed remain at risk unless the vulnerable components are manually removed.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by checking for the presence of the vulnerable Twitch Studio privileged helper tool and its associated LaunchDaemon plist on your system.
- Check if the helper binary exists at /Library/PrivilegedHelperTools/com.twitch.LauncherHelper
- Check if the LaunchDaemon plist exists at /Library/LaunchDaemons/com.twitch.LauncherHelper.plist
- Use commands like `ls -l /Library/PrivilegedHelperTools/com.twitch.LauncherHelper` and `ls -l /Library/LaunchDaemons/com.twitch.LauncherHelper.plist` to verify their presence.
- You can also check running launchd services with `launchctl list | grep com.twitch.LauncherHelper` to see if the helper is active.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, you should manually remove the vulnerable privileged helper tool and its LaunchDaemon plist from your system.
- Delete the helper binary located at /Library/PrivilegedHelperTools/com.twitch.LauncherHelper
- Delete the LaunchDaemon plist located at /Library/LaunchDaemons/com.twitch.LauncherHelper.plist
Removing these files prevents the vulnerable service from running and stops potential exploitation, especially since Twitch Studio is discontinued and no patches will be released.