[VS-2018-007] CactusVPN for MacOS Root Privilege Escalation Vulnerability | XPC

CVE ID

CVE-2018-7493

CVSS Score

Vendor

CactusVPN

Product

CactusVPN < 6.0

Vulnerability Details

CactusVPN for macOS suffers from a root privilege escalation vulnerability in its privileged helper tool. The privileged helper tool implements an XPC interface that allows arbitrary applications to execute system commands as root.
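
A common hardening for this class of flaw is for the helper to verify each connecting client's code signature and to expose only fixed operations instead of a command runner. The sketch below is an added example, not code from CactusVPN or VerSprite; the Mach service name, bundle identifier, team ID and `HelperProtocol` are hypothetical.

```objc
// Added example (ARC assumed). Service name, bundle ID and team ID are hypothetical.
#import <Foundation/Foundation.h>
#import <Security/Security.h>
// Only a client whose signature satisfies this requirement may use the helper.
static NSString *const kClientReq =
    @"identifier \"com.example.vpn\" and anchor apple generic "
    @"and certificate leaf[subject.OU] = \"EXAMPLE123\"";
// Narrow interface: one fixed operation, no caller-supplied command strings.
@protocol HelperProtocol
- (void)setTunnelEnabled:(BOOL)enabled withReply:(void (^)(BOOL ok))reply;
@end
@interface Helper : NSObject <NSXPCListenerDelegate, HelperProtocol>
@end
@implementation Helper
// Check the peer's code signature. Caveat: a PID can be reused between connect
// and check, and NSXPCConnection exposes no public audit token.
- (BOOL)clientIsTrusted:(NSXPCConnection *)conn {
    NSDictionary *attrs = @{(__bridge id)kSecGuestAttributePid : @(conn.processIdentifier)};
    SecCodeRef code = NULL;
    SecRequirementRef req = NULL;
    BOOL ok = SecCodeCopyGuestWithAttributes(NULL, (__bridge CFDictionaryRef)attrs,
                                             kSecCSDefaultFlags, &code) == errSecSuccess
        && SecRequirementCreateWithString((__bridge CFStringRef)kClientReq,
                                          kSecCSDefaultFlags, &req) == errSecSuccess
        && SecCodeCheckValidity(code, kSecCSDefaultFlags, req) == errSecSuccess;
    if (code) CFRelease(code);
    if (req) CFRelease(req);
    return ok;
}
- (BOOL)listener:(NSXPCListener *)listener shouldAcceptNewConnection:(NSXPCConnection *)conn {
    if (![self clientIsTrusted:conn]) return NO;  // refuse unverified callers
    conn.exportedInterface = [NSXPCInterface interfaceWithProtocol:@protocol(HelperProtocol)];
    conn.exportedObject = self;
    [conn resume];
    return YES;
}
- (void)setTunnelEnabled:(BOOL)enabled withReply:(void (^)(BOOL))reply {
    reply(NO);  // placeholder: real work would run fixed binaries with validated arguments
}
@end

static Helper *gHelper; static NSXPCListener *gListener;  // globals keep both alive under ARC
int main(void) {
    gHelper = [Helper new];
    gListener = [[NSXPCListener alloc] initWithMachServiceName:@"com.example.vpn.helper"];
    gListener.delegate = gHelper;
    [gListener resume];
    [[NSRunLoop currentRunLoop] run];
    return 0;
}
```

On macOS 13 and later, `-[NSXPCListener setConnectionCodeSigningRequirement:]` lets the system enforce the same requirement string before the delegate is called.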

Vendor Response

Vendor has released an update.

Disclosure Timeline

  • 02-21-2018 - Vendor disclosure
  • 02-23-2018 - Vendor response
  • 02-27-2018 - Vendor submitted update for testing
  • 03-02-2018 - VerSprite validated the vulnerability had been fixed
  • 03-05-2018 - Vendor released update
  • 03-05-2018 - Vendor notified of advisory release

Credit

Benjamin Watson of VerSprite Security (@rotlogix)