A high-severity vulnerability has been identified in Magic Mouse 2 Utilities 2, which could allow a local attacker to escalate their privileges on an affected system. Successful exploitation could grant an attacker administrative control, enabling them to steal sensitive data, install malicious software, or completely compromise the host machine. Organizations are urged to apply the vendor-provided security updates immediately to mitigate this significant risk.

This vulnerability is a local privilege escalation flaw within the Magic Mouse 2 Utilities 2 software. An authenticated, low-privileged attacker can exploit this weakness to execute arbitrary code with SYSTEM or administrative-level permissions. The vulnerability likely stems from an insecure handling of service permissions or a DLL hijacking opportunity in a privileged process associated with the utility, allowing a malicious actor to replace a required file or manipulate the service to run their own code in an elevated context.

This vulnerability presents a significant risk to the organization, categorized as High severity with a CVSS score of 7.8. If exploited, an attacker who has already gained an initial low-privilege foothold on a workstation or server could elevate their access to full administrative control. This could lead to a complete compromise of the system's confidentiality, integrity, and availability, resulting in sensitive data exfiltration, deployment of ransomware, lateral movement across the network, and a persistent foothold for the attacker within the corporate environment.

Immediate Action: The primary remediation is to apply the security updates provided by the vendor across all affected systems without delay. After patching, system administrators should review system and application logs for any signs of unauthorized privilege escalation or suspicious activity originating from the Magic Mouse utility processes prior to the patch deployment.

Proactive Monitoring: Security teams should configure monitoring and alerting for suspicious behavior related to this vulnerability. This includes monitoring for unexpected processes being spawned by the Magic Mouse service with SYSTEM privileges, unusual file modifications within the software's installation directory, and any attempts to load unsigned or anomalous DLLs by the application.

Compensating Controls: If immediate patching is not feasible, organizations should implement compensating controls. These include enforcing the principle of least privilege for all user accounts, utilizing application whitelisting solutions to prevent the execution of unauthorized code, and deploying an Endpoint Detection and Response (EDR) solution capable of detecting and blocking common privilege escalation techniques.

Public Exploit Available: false

Given the high CVSS score of 7.8, this vulnerability poses a critical risk and should be addressed urgently. Although there is no evidence of active exploitation at this time, the potential for a local attacker to gain full system control is severe. We strongly recommend that organizations prioritize the deployment of the vendor-supplied patches to all systems running the affected Magic software to prevent potential future exploitation.