CVE-2024-14032

HIGH 7.8

Twitch Studio LauncherHelper XPC Missing Authorization to Root File Write

CVSS Score

7.8

EPSS Score

0.0%

EPSS Percentile

0th

Twitch Studio version 0.114.8 and prior contain a privilege escalation vulnerability in its privileged helper tool that allows local attackers to execute arbitrary code as root by exploiting an unprotected XPC service. Attackers can invoke the installFromPath:toPath:withReply: method to overwrite system files and privileged binaries, achieving full system compromise. Twitch Studio was discontinued in May 2024.

CWE	CWE-862
Vendor	twitch
Product	twitch studio
Published	Apr 6, 2026
Last Updated	Apr 6, 2026

Stay Ahead of the Next One

Get instant alerts for twitch twitch studio

Be the first to know when new high vulnerabilities affecting twitch twitch studio are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Affected Versions

Twitch / Twitch Studio

0 ≤ 0.114.8

References

NVD ↗ CVE.org ↗ EPSS Data ↗

iru.com: https://www.iru.com/blog/twitch-privileged-helper help.twitch.tv: https://help.twitch.tv/s/topic/0TO3a000000kZfYGAU/twitch-studio help.twitch.tv: https://help.twitch.tv/s/article/recommended-software-for-broadcasting vulncheck.com: https://www.vulncheck.com/advisories/twitch-studio-launcherhelper-xpc-missing-authorization-to-root-file-write

Credits

Christopher Lopez