We had a short look at the buffer overflow found by fuzzing `process_browse_data` to determine its exploitability. Conclusion: this bug alone won't give you RCE, or even an info leak.
It's an out-of-bounds read of 1 byte past the end of a stack buffer. In various places the following condition is used to determine whether to stop processing:
Some more details about this vulnerability: com.apple.AppStoreDaemon.StorePrivilegedTaskService is an XPC service embedded in AppStoreDaemon.framework. Any (sandboxed) application can load this framework and then communicate with this service.
It has a ServiceType of System, so this XPC service runs as root. This service appears to be used for performing privileged operations for App Store installs: moving files, changing xattrs, adding receipts, etc.
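To see which XPC services bundled in a framework declare a `ServiceType` of `System`, one can read the `XPCService` dictionary in each service's `Info.plist`. The following is an added example, not code from the original write-up; the bundle names and identifiers in the sample tree are constructed, and the directory layout it builds is an assumption for illustration.

```python
import plistlib
import tempfile
from pathlib import Path

def service_type(info: dict) -> str:
    """ServiceType from the XPCService dict; an absent key means Application."""
    xpc = info.get("XPCService")
    if isinstance(xpc, dict):
        return xpc.get("ServiceType", "Application")
    return "Application"

def audit(root):
    """Return sorted (bundle id, ServiceType) for every .xpc bundle under root."""
    found = []
    for plist in Path(root).rglob("Info.plist"):
        bundle = plist.parent.parent
        # Only <name>.xpc/Contents/Info.plist describes an XPC service.
        if plist.parent.name != "Contents" or bundle.suffix != ".xpc":
            continue
        try:
            info = plistlib.loads(plist.read_bytes())
            if not isinstance(info, dict):
                raise ValueError("top-level plist object is not a dict")
        except Exception:
            # Report unparseable plists rather than silently skipping them.
            found.append((bundle.name, "UNREADABLE"))
            continue
        found.append((info.get("CFBundleIdentifier", bundle.name), service_type(info)))
    return sorted(found)

def build_sample(root):
    """Write a constructed framework tree with two made-up XPC services."""
    services = {
        "PrivilegedTask": {"CFBundleIdentifier": "com.example.PrivilegedTask",
                           "XPCService": {"ServiceType": "System"}},
        "Renderer": {"CFBundleIdentifier": "com.example.Renderer"},
    }
    for name, info in services.items():
        contents = Path(root, "Example.framework", "XPCServices", f"{name}.xpc", "Contents")
        contents.mkdir(parents=True)
        (contents / "Info.plist").write_bytes(plistlib.dumps(info))

def demo():
    """Audit the constructed tree and keep only the System services."""
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        return [(bid, st) for bid, st in audit(tmp) if st == "System"]

if __name__ == "__main__":
    print(demo())
```

On a real system, `audit()` can be pointed at a framework directory instead of the constructed tree.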