| ID | Name |
|---|---|
| ATAGS-T1078.001 | Bypass User Account Control |
| ATAGS-T1078.002 | Elevated Execution with Prompt |
| ATAGS-T1078.003 | Setuid and Setgid |
| ATAGS-T1078.004 | Sudo and Sudo Caching |
| ATAGS-T1078.005 | TCC Manipulation |
| ATAGS-T1078.006 | Temporary Elevated Cloud Access |
Threat actors may leverage the AuthorizationExecuteWithPrivileges API to escalate privileges by prompting the user for credentials. The purpose of this API is to give application developers an easy way to perform operations with root privileges, such as application installation or updating. The API does not validate that the program requesting root privileges comes from a reputable source, nor that it has not been maliciously modified: the user sees only a system credential prompt carrying the calling application's own name, and has no way to tell what will actually run as root once it is answered. Apple deprecated the API in OS X 10.7 in favour of SMJobBless, which binds the privileged helper to code-signing requirements, but deprecated is not removed and the call still works.
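As an added detection example (not code from the original page), the following Python flags use of the API in process-execution telemetry. It relies on the fact that AuthorizationExecuteWithPrivileges runs the requested tool through the setuid helper /usr/libexec/security_authtrampoline, so every call surfaces as an exec of that helper as root with the requesting application as its parent. The JSON-lines telemetry schema, the field names and the three sample events are constructed for this example; the path-based triage (user-writable locations are suspicious) is a deliberately coarse starting heuristic, not a vendor rule.

```python
"""Flag AuthorizationExecuteWithPrivileges use in process-execution telemetry.

Added example, not from the original page. Assumption (also stated in the
lead-in): on macOS the API execs the requested tool through the setuid helper
/usr/libexec/security_authtrampoline, so each call appears as an exec of that
helper as root whose parent is the requesting application. The JSON-lines
schema and the sample events below are constructed for this example.
"""
import json
from typing import Iterable

TRAMPOLINE = "/usr/libexec/security_authtrampoline"

# Path prefixes that are user-writable on a default macOS install. A requesting
# app or a root tool living under one of these looks like a dropped payload
# rather than a vendor installer.
USER_WRITABLE_PREFIXES = ("/tmp/", "/private/tmp/", "/var/folders/", "/Users/")

# Constructed sample telemetry, one exec event per line. In this constructed
# schema the helper's argv[1] is the tool it was asked to run as root.
SAMPLE_EVENTS = """\
{"ts": "2024-03-01T10:00:01Z", "pid": 501, "ppid": 480, "uid": 0, "path": "/usr/libexec/security_authtrampoline", "parent_path": "/Applications/Vendor Installer.app/Contents/MacOS/Installer", "argv": ["/usr/libexec/security_authtrampoline", "/Applications/Vendor Installer.app/Contents/Resources/helper", "auth 17"]}
{"ts": "2024-03-01T10:05:12Z", "pid": 612, "ppid": 600, "uid": 0, "path": "/usr/libexec/security_authtrampoline", "parent_path": "/Users/alice/Downloads/Flash Update.app/Contents/MacOS/Flash Update", "argv": ["/usr/libexec/security_authtrampoline", "/private/tmp/.x/payload", "auth 17"]}
{"ts": "2024-03-01T10:06:00Z", "pid": 700, "ppid": 1, "uid": 501, "path": "/bin/ls", "parent_path": "/sbin/launchd", "argv": ["ls"]}
"""


def under_user_writable(path: str) -> bool:
    """True when the path sits under a location an unprivileged user can write."""
    return path.startswith(USER_WRITABLE_PREFIXES)


def detect_privileged_prompts(lines: Iterable[str]) -> list[dict]:
    """Return one finding per exec of security_authtrampoline.

    Every exec of the helper is recorded, because it is the only way the API
    runs anything; severity is raised to "high" when the requesting app or the
    tool it asked for sits in a user-writable location.
    """
    findings = []
    for line in lines:
        line = line.strip()
        if not line:
            continue
        ev = json.loads(line)
        if ev.get("path") != TRAMPOLINE:
            continue
        argv = ev.get("argv", [])
        tool = argv[1] if len(argv) > 1 else ""
        requester = ev.get("parent_path", "")
        reasons = []
        if under_user_writable(requester):
            reasons.append(f"requesting app in user-writable path: {requester}")
        if under_user_writable(tool):
            reasons.append(f"root tool in user-writable path: {tool}")
        findings.append({
            "ts": ev.get("ts"),
            "requester": requester,
            "tool": tool,
            "severity": "high" if reasons else "info",
            "reasons": reasons,
        })
    return findings


if __name__ == "__main__":
    for f in detect_privileged_prompts(SAMPLE_EVENTS.splitlines()):
        print(f"[{f['severity']}] {f['ts']} {f['requester']} -> {f['tool']}")
        for reason in f["reasons"]:
            print("    ", reason)
```

Recording every trampoline exec at "info" matters even when nothing looks wrong: the technique has also been used by tampering with legitimate, correctly located programs that already call this API, so the low-severity baseline is what lets an analyst notice a known installer suddenly asking for root at an odd time.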
This technique cannot easily be mitigated with preventive controls, since it relies on the abuse of a legitimate system feature rather than on a defect that could be patched.