CactusVPN for MacOS

Root Privilege Escalation Vulnerability | XPC





Product Version

< 6.0

Vulnerability Details

CactusVPN for MacOS suffers from a root privilege escalation vulnerability in its privileged helper tool. The privileged helper tool implements an XPC interface, which allows arbitrary applications to execute system commands as root.

Vendor Response

Vendor has released an update.

Disclosure Timeline

  • Vendor disclosure

  • Vendor response

  • Vendor submitted update for testing

  • VerSprite validated the vulnerability had been fixed

  • Vendor released update

  • Vendor notified of advisory release