Skip to content

Latest commit

 

History

History
38 lines (27 loc) · 1.24 KB

VS-2018-002.md

File metadata and controls

38 lines (27 loc) · 1.24 KB
Raw

[VS-2018-002] PureVPN for MacOS Root Privilege Escalation Vulnerability

CVE ID

CVE-2018-6822

CVSS Score

https://nvd.nist.gov/vuln/detail/CVE-2018-6822

Vendor

PureVPN

Product

PureVPN for MacOS < 6.0.1

Vulnerability Details

The PureVPN's HelperTool LaunchDaemon implements an unprotected XPC service that can be abused to execute system commands as root.

Exploit

https://github.com/VerSprite/research/tree/master/exploits/VS-2018-002

Vendor Response

PureVPN provided updated an patched version for validation, however the vulnerability appears to still be present.

Disclosure Timeline

  • 01-29-2018 - Disclosed to PureVPN via support
  • 01-29-2018 - Contacted PureVPN via contact form
  • 01-29-2018 - Contacted PureVPN via twitter
  • 01-29-2018 - Disclosed to PureVPN via email
  • 01-29-2018 - PureVPN confirmed they received the disclosure
  • 02-04-2018 - PureVPN provided updated file for testing
  • 02-06-2018 - Patched version provided by PureVPN still contained vulnerability
  • 02-07-2018 - Updated PureVPN, still waiting for a response

Credit

Benjamin Watson of VerSprite Security (@rotlogix)