CactusVPN for MacOS

Root Privilege Escalation | setuid





Product Version

CactusVPN for MacOS < 5.3.6

Vulnerability Details

The CactusVPN for MacOS contains a root privilege escalation vulnerability through a setuid root binary called runme. The binary takes a single command line argument and passes this to a system() call, thus allowing low privileged users to execute commands as root.

Vendor Response

CactusVPN has remediated the vulnerability.

Disclosure Timeline

  • Vendor contacted via Twitter

  • Vendor contacted via Facebook

  • Vendor response and disclosure

  • Vendor responded that team is working on update

  • VerSprite confirmed the ETA release of the patched sofware

  • Vendor sent patched software for validation

  • VerSprite validated the vulnerability had been fixed

  • Vendor notified of advisory release