CVE-2024-14032 HIGH

CVE-2024-14032: Twitch Studio LauncherHelper XPC Missing Authorization to Root File Write

Vendor Twitch
Product Twitch Studio
Weakness CWE-862 · Missing authorization
Published April 6, 2026
Last update April 6, 2026

CVSS base score

8.5/10
Attack vector Local
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

What the vulnerability does

01Description

Twitch Studio version 0.114.8 and prior contain a privilege escalation vulnerability in its privileged helper tool that allows local attackers to execute arbitrary code as root by exploiting an unprotected XPC service. Attackers can invoke the installFromPath:toPath:withReply: method to overwrite system files and privileged binaries, achieving full system compromise. Twitch Studio was discontinued in May 2024.

Key dates

02Disclosure timeline

April 6, 2026 CVE published
April 6, 2026 Record updated

Related vulnerabilities

04Related CVE