CVE-2022-24115 : What You Need to Know

Acronis Cyber Protect Home Office and Acronis True Image 2021 for macOS are affected by a local privilege escalation vulnerability due to unrestricted loading of unsigned libraries.

Understanding CVE-2022-24115

This CVE-2022-24115 vulnerability was made public on February 2, 2022.

What is CVE-2022-24115?

The vulnerability in Acronis products allows an attacker to execute arbitrary code with elevated privileges through the loading of unsigned libraries.

The Impact of CVE-2022-24115

This vulnerability could be exploited by malicious actors to gain escalated privileges and potentially take complete control of affected systems.

Technical Details of CVE-2022-24115

The following technical details outline the nature of the vulnerability:

Vulnerability Description

The vulnerability arises due to the unrestricted loading of unsigned libraries in Acronis Cyber Protect Home Office and Acronis True Image 2021 for macOS.

Affected Systems and Versions

Acronis Cyber Protect Home Office versions prior to build 39605 and Acronis True Image 2021 versions before build 39287 on macOS are impacted.

Exploitation Mechanism

An attacker can exploit this vulnerability by loading specially crafted unsigned libraries to execute arbitrary code with elevated privileges.

Mitigation and Prevention

To protect systems from CVE-2022-24115, follow the below steps:

Immediate Steps to Take

Update Acronis Cyber Protect Home Office to build 39605 or later.
Update Acronis True Image 2021 to build 39287 or later.

Long-Term Security Practices

Employ the following practices to enhance overall security:

Regularly update software and apply patches promptly.
Implement least privilege access policies to limit potential damage from security incidents.

Patching and Updates

Stay informed about security advisories from Acronis and apply updates as soon as they are released.