[VS-2018-002] PureVPN for MacOS Root Privilege Escalation Vulnerability
CVE ID
CVE-2018-6822
CVSS Score
https://nvd.nist.gov/vuln/detail/CVE-2018-6822
Vendor
PureVPN
Product
PureVPN for MacOS < 6.0.1
Vulnerability Details
The PureVPN's HelperTool LaunchDaemon implements an unprotected XPC service that can be abused to execute system commands as root.
Exploit
https://github.com/VerSprite/research/tree/master/exploits/VS-2018-002
Vendor Response
PureVPN provided updated an patched version for validation, however the vulnerability appears to still be present.
Disclosure Timeline
- 01-29-2018 - Disclosed to PureVPN via support
- 01-29-2018 - Contacted PureVPN via contact form
- 01-29-2018 - Contacted PureVPN via twitter
- 01-29-2018 - Disclosed to PureVPN via email
- 01-29-2018 - PureVPN confirmed they received the disclosure
- 02-04-2018 - PureVPN provided updated file for testing
- 02-06-2018 - Patched version provided by PureVPN still contained vulnerability
- 02-07-2018 - Updated PureVPN, still waiting for a response
Credit
Benjamin Watson of VerSprite Security (@rotlogix)