CVE-2023-41744: 
Acronis Cyber Protect vulnerability analysis and mitigation

CVE-2023-41744 is a local privilege escalation vulnerability affecting Acronis products on macOS systems. The vulnerability stems from unrestricted loading of unsigned libraries in Acronis Agent (macOS) before build 30600 and Acronis Cyber Protect 15 (macOS) before build 35979. This vulnerability was disclosed on August 31, 2023 (NVD).

The vulnerability is classified as CWE-347 (Improper Verification of Cryptographic Signature) and has received a CVSS v3.1 base score of 7.8 (High) with the vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H. This scoring indicates that the vulnerability requires local access, low attack complexity, low privileges, and no user interaction, while potentially resulting in high impacts to confidentiality, integrity, and availability (NVD).

The vulnerability can lead to local privilege escalation on affected systems, potentially allowing attackers to gain elevated privileges and execute unauthorized commands. The high CVSS scores for confidentiality, integrity, and availability (all rated as High) indicate significant potential impact if successfully exploited (NVD).

Users of affected products should upgrade to Acronis Agent (macOS) build 30600 or later, or Acronis Cyber Protect 15 (macOS) build 35979 or later. The vulnerability has been addressed in these newer versions (Acronis Advisory).