CactusVPN for MacOS | Security Research Advisory | VerSprite


CactusVPN for MacOS

Root Privilege Escalation Vulnerability | XPC

CVE ID

CVE-2018-7493

VENDOR

CactusVPN

PRODUCT

CactusVPN

Product version

< 6.0

Vulnerability Details

CactusVPN for MacOS suffers from a root privilege escalation vulnerability in its privileged helper tool. The privileged helper tool implements an XPC interface, which allows arbitrary applications to execute system commands as root.
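
An added example (not from this advisory or the vendor's code) of the general hardening pattern for this bug class: a helper that accepts XPC connections only from a client meeting a code signing requirement, and that exposes one fixed operation instead of a command string. The advisory does not describe the vendor's fix; the service name, protocol, bundle identifier, team ID and tool path below are placeholders, and `setConnectionCodeSigningRequirement:` requires macOS 13 or later.

```objc
// Added example: hardened NSXPCListener for a privileged helper. All names are placeholders.
#import <Foundation/Foundation.h>

// Narrow interface: one fixed operation, no caller-supplied command strings.
@protocol HelperProtocol
- (void)setTunnelEnabled:(BOOL)enabled withReply:(void (^)(BOOL ok))reply;
@end

@interface Helper : NSObject <NSXPCListenerDelegate, HelperProtocol>
@end

@implementation Helper
- (BOOL)listener:(NSXPCListener *)listener
    shouldAcceptNewConnection:(NSXPCConnection *)conn {
    // Only peers that satisfy the listener's code signing requirement can use this connection.
    conn.exportedInterface =
        [NSXPCInterface interfaceWithProtocol:@protocol(HelperProtocol)];
    conn.exportedObject = self;
    [conn resume];
    return YES;
}

- (void)setTunnelEnabled:(BOOL)enabled withReply:(void (^)(BOOL))reply {
    // Fixed binary and arguments chosen by the helper, never a string from the client.
    NSTask *task = [[NSTask alloc] init];
    task.executableURL = [NSURL fileURLWithPath:@"/usr/sbin/placeholder-tool"];
    task.arguments = @[ enabled ? @"up" : @"down" ];
    BOOL ok = [task launchAndReturnError:nil];
    if (ok) { [task waitUntilExit]; ok = (task.terminationStatus == 0); }
    reply(ok);
}
@end

int main(void) {
    @autoreleasepool {
        NSXPCListener *listener = [[NSXPCListener alloc]
            initWithMachServiceName:@"com.example.vpn.helper"];
        // Reject any client not signed as the expected app by the expected team.
        [listener setConnectionCodeSigningRequirement:
            @"anchor apple generic and identifier \"com.example.vpn\" "
            @"and certificate leaf[subject.OU] = \"TEAMID0000\""];
        Helper *helper = [Helper new];
        listener.delegate = helper;
        [listener resume];
        [[NSRunLoop currentRunLoop] run];
    }
    return 0;
}
```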

Vendor response

Vendor has released an update.

Disclosure timeline

02-21-2018 - Vendor disclosure
02-23-2018 - Vendor response
02-27-2018 - Vendor submitted update for testing
03-02-2018 - VerSprite validated the vulnerability had been fixed
03-05-2018 - Vendor released update
03-05-2018 - Vendor notified of advisory release
