Home | Research | Resources | Advisories | CactusVPN for MacOS
Root Privilege Escalation Vulnerability | XPC
CVE ID
CVE-2018-7493
VENDOR
CactusVPN
PRODUCT
CactusVPN
Product version
< 6.0
Vulnerability Details
CactusVPN for MacOS suffers from a root privilege escalation vulnerability in its privileged helper tool. The privileged helper tool implements an XPC interface, which allows arbitrary applications to execute system commands as root.
Learn More →
Vendor response
Vendor has released an update.
Disclosure timeline
02-21-2018 - Vendor disclosure 02-23-2018 - Vendor response 02-27-2018 - Vendor submitted update for testing 03-02-2018 - VerSprite validated the vulnerability had been fixed 03-05-2018 - Vendor released update 03-05-2018 - Vendor notified of advisory release