[VS-2018-014] VPN Unlimited for MacOS Root Privilege Escalation Vulnerability

CVE ID

CVE-2018-8739

CVSS Score

Vendor

Keep Solid

Product

VPN Unlimited for MacOS

Product Version

< 4.2.0

Vulnerability Details

VPN Unlimited for MacOS suffers from a root privilege escalation vulnerability in its privileged helper tool. The privileged helper tool implements an XPC interface, which allows arbitrary applications to execute system commands as root.
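
The two controls whose absence the description above implies, sketched as an added example (not VerSprite's PoC and not the vendor's code): the helper restricts which peers may connect, and its XPC protocol exposes one typed operation instead of a command string. All names (`HelperProtocol`, `com.example.vpn*`, `EXAMPLETEAM`, `Example VPN`) are hypothetical placeholders, and `setConnectionCodeSigningRequirement:` requires macOS 13 or later.

```objc
// Added example; HelperProtocol, com.example.* and EXAMPLETEAM are placeholders.
#import <Foundation/Foundation.h>

// Narrow, typed interface: no method takes a command string or a path to execute.
@protocol HelperProtocol
- (void)setTunnelEnabled:(BOOL)enabled withReply:(void (^)(BOOL ok))reply;
@end

@interface Helper : NSObject <NSXPCListenerDelegate, HelperProtocol>
@end

@implementation Helper
- (BOOL)listener:(NSXPCListener *)listener
        shouldAcceptNewConnection:(NSXPCConnection *)connection {
    // Reached only for peers that satisfy the requirement set in main().
    connection.exportedInterface =
        [NSXPCInterface interfaceWithProtocol:@protocol(HelperProtocol)];
    connection.exportedObject = self;
    [connection resume];
    return YES;
}

- (void)setTunnelEnabled:(BOOL)enabled withReply:(void (^)(BOOL ok))reply {
    // Fixed binary and fixed arguments: the only client-controlled input is
    // the choice between two constants.
    NSTask *task = [[NSTask alloc] init];
    task.executableURL = [NSURL fileURLWithPath:@"/usr/sbin/scutil"];
    task.arguments = @[@"--nc", enabled ? @"start" : @"stop", @"Example VPN"];
    if (![task launchAndReturnError:nil]) { reply(NO); return; }
    [task waitUntilExit];
    reply(task.terminationStatus == 0);
}
@end

int main(void) {
    @autoreleasepool {
        Helper *helper = [[Helper alloc] init];
        NSXPCListener *listener = [[NSXPCListener alloc]
            initWithMachServiceName:@"com.example.vpn.helper"];
        // macOS 13+: peers whose code signature fails this requirement are
        // rejected before the delegate is consulted.
        [listener setConnectionCodeSigningRequirement:
            @"anchor apple generic and identifier \"com.example.vpn\" "
            @"and certificate leaf[subject.OU] = \"EXAMPLETEAM\""];
        listener.delegate = helper;
        [listener resume];
        [[NSRunLoop currentRunLoop] run];
    }
    return 0;
}
```

On systems older than macOS 13 the same peer check has to be done inside `listener:shouldAcceptNewConnection:` with the Security framework's `SecCode` APIs, and a check keyed on the peer's PID alone is subject to PID reuse.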

Vendor Response

VPN Unlimited team is reviewing.

Disclosure Timeline

  • 03-04-2018 - Vendor disclosure via email
  • 03-04-2018 - Vendor notified via Facebook
  • 03-05-2018 - Vendor response and follow up
  • 03-06-2018 - Vendor requested additional information, POC and follow up
  • 03-08-2018 - VerSprite provided vendor with additional information and POC
  • 03-09-2018 - Vendor response
  • 03-13-2018 - Vendor notified of disclosure schedule
  • 03-14-2018 - Vendor notified of advisory release

Credit

Benjamin Watson of VerSprite Security (@rotlogix)