Skip to content
Permalink
master
Switch branches/tags

Name already in use

A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?
Go to file
 
 
Cannot retrieve contributors at this time

[VS-2018-002] PureVPN for MacOS Root Privilege Escalation Vulnerability

CVE ID

CVE-2018-6822

CVSS Score

https://nvd.nist.gov/vuln/detail/CVE-2018-6822

Vendor

PureVPN

Product

PureVPN for MacOS < 6.0.1

Vulnerability Details

The PureVPN's HelperTool LaunchDaemon implements an unprotected XPC service that can be abused to execute system commands as root.

Exploit

https://github.com/VerSprite/research/tree/master/exploits/VS-2018-002

Vendor Response

PureVPN provided updated an patched version for validation, however the vulnerability appears to still be present.

Disclosure Timeline

  • 01-29-2018 - Disclosed to PureVPN via support
  • 01-29-2018 - Contacted PureVPN via contact form
  • 01-29-2018 - Contacted PureVPN via twitter
  • 01-29-2018 - Disclosed to PureVPN via email
  • 01-29-2018 - PureVPN confirmed they received the disclosure
  • 02-04-2018 - PureVPN provided updated file for testing
  • 02-06-2018 - Patched version provided by PureVPN still contained vulnerability
  • 02-07-2018 - Updated PureVPN, still waiting for a response

Credit

Benjamin Watson of VerSprite Security (@rotlogix)