Skip to content

Latest commit

 

History

History
41 lines (30 loc) · 1.3 KB

VS-2018-008.md

File metadata and controls

41 lines (30 loc) · 1.3 KB
Raw

[VS-2018-008] MacKeeper Root Privilege Escalation Vulnerability

CVE ID

CVE-2018-10171

CVSS Score

Pending

Vendor

KromTech

Product

MacKeeper

Product Version

3.20.4

Vulnerability Details

MacKeeper suffers from a root privilege escalation vulnerability through its com.mackeeper.AdwareAnalyzer.AdwareAnalyzerPrivilegedHelper component. The AdwareAnalzyerPrivilegedHelper tool implements an XPC service that allows an unprivileged application to connect and execute shell scripts as the root user.

Vendor Response

Vendor released update

Disclosure Timeline

  • 02-23-2018 - Vendor notified via email
  • 02-23-2018 - Vendor notified via Facebook
  • 02-23-2018 - Vendor response via email
  • 02-26-2018 - Vendor disclosure
  • 02-26-2018 - Vendor response
  • 02-26-2018 - VerSprite Security provides detailed vulnerability guidance
  • 03-08-2018 - Vendor followup
  • 03-08-2018 - Vendor response and followup
  • 03-08-2018 - VerSprite Security extends advisory release timeline
  • 04-11-2018 - VerSprite Security verifies vulnerability resolution
  • 04-16-2018 - Vendor notified of the advisory release

Credit

Benjamin Watson of VerSprite Security (@rotlogix)