CactusVPN for MacOS | Security Research Advisory | VerSprite CactusVPN for MacOS | Security Research Advisory | VerSprite

Home  |  Research  |  Resources  |  Advisories  |  CactusVPN for MacOS

CactusVPN for MacOS

Root Privilege Escalation | setuid

CVE ID

CVE-2018-7281

VENDOR

CactusVPN

PRODUCT

CactusVPN

Product version

CactusVPN for MacOS < 5.3.6

Vulnerability Details

The CactusVPN for MacOS contains a root privilege escalation vulnerability through a setuid root binary called runme. The binary takes a single command line argument and passes this to a system() call, thus allowing low privileged users to execute commands as root.

Learn More →

Vendor response

CactusVPN has remediated the vulnerability.

Disclosure timeline

02-16-2018 - Vendor contacted via Twitter
02-16-2018 - Vendor contacted via Facebook
02-16-2018 - Vendor response and disclosure
02-17-2018 - Vendor responded that team is working on update
02-20-2018 - VerSprite confirmed the ETA release of the patched sofware
02-20-2018 - Vendor sent patched software for validation
02-21-2018 - VerSprite validated the vulnerability had been fixed
02-21-2018 - Vendor notified of advisory release

VerSprite Cyberwatch

Blog Post

VerSprite Cyberwatch

cisco

What is Responsible Disclosure?

Blog Post

What is Responsible Disclosure?

Reverse Engineering

security awareness

Penetration Testing Methodology: Emulating Realistic Attacks by a Malicious Actor

Blog Post

Penetration Testing Methodology: Emulating Realistic Attacks by a Malicious Actor

Cyberwarfare

    Back to Advisory Main         Visit Resource Library    

Offensive Minded Security Exploit Development

Learn More

arrow right

We are an international squad of professionals working as one.

logos

Copyright 2020 VerSprite - All Rights Reserved