macOS PackageKit LPE via ~/.zshenv sourced under installer root context
macOS PackageKit runs PKG-installer shebang scripts under root, and zsh shebangs source ~/.zshenv from the calling user's home before the script body runs, yielding local privilege escalation. Fixed in macOS Sonoma 14.5 (May 2024).
- Vendor
- Apple
- Product
- macOS PackageKit (Installer.app framework)
- CVSS
- 7.8
- EPSS (exploit probability)
- N/A
- Status
- patched
- Published
CVE-2024-27822 is a local privilege escalation flaw in Apple’s PackageKit framework — the code that runs .pkg installer preinstall and postinstall scripts. When a script uses a #!/bin/zsh shebang, the shell it invokes sources the calling user’s ~/.zshenv before running the script body. PackageKit has already elevated the installer to root by that point, so the .zshenv payload runs as root. Any local unprivileged user who can plant a .zshenv in their own home directory has staged a root payload the next time a PKG installer with a zsh preinstall runs on their session.
Advisory context
Apple patched CVE-2024-27822 in macOS Sonoma 14.5 on 2024-05-14, with parallel fixes in macOS Ventura 13.6.7 and macOS Monterey 12.7.5. NVD scores the flaw CVSS 7.8 (high). Rapid7 shipped a public Metasploit module — osx/local/packagekit_zshenv_privesc — on 2026-07-10, more than two years after the fix; the module packages the .zshenv plant, opens a minimal PKG via Installer.app, and waits for the standard installer authentication dialog. Original research is credited to Mykola Grymalyuk, with the Metasploit contribution from h00die.
What to do
Query the MDM (Jamf, Kandji, Intune) for hosts on macOS 14.4 or earlier (Sonoma), 13.6.6 or earlier (Ventura), 12.7.4 or earlier (Monterey), or any macOS 11.x. Those are the builds the Metasploit module needs. A single host that reboots into a two-year-old point release after an image restore is the whole exposure. Upgrade to the patched point release on each supported line.
Coverage context and the two-abstraction framing alongside the FlowiseAI CSV Agent RCE shipped in the same wrap-up: Metasploit Weekly Adds Flowise CSV, macOS PackageKit. Canonical NVD record: CVE-2024-27822.