HomeAdvisoriesCactusVPN for MacOS

CactusVPN for MacOS

Root Privilege Escalation Vulnerability | XPC

Previous AdvisoryNext Advisory

CVE ID

CVE-2018-7493

Vendor

CactusVPN

Product

CactusVPN

Product Version

< 6.0

Vulnerability Details

CactusVPN for MacOS suffers from a root privilege escalation vulnerability in its privileged helper tool. The privileged helper tool implements an XPC interface, which allows arbitrary applications to execute system commands as root.

Learn more

Vendor Response

Vendor has released an update.

Disclosure Timeline

21.02.2018
Vendor disclosure
23.02.2018
Vendor response
27.02.2018
Vendor submitted update for testing
02.03.2018
VerSprite validated the vulnerability had been fixed
05.03.2018
Vendor released update
05.03.2018
Vendor notified of advisory release

Previous AdvisoryNext Advisory

A Look at RACI Models within Application Threat Modeling

Offensive Security

DevSecOps

GRC Services

Threat Intelligence

VS-Labs Security Research

Envisions Geopolitical Threat Report:

By Industry

Chrome Exploitation: How to easily launch a Chrome RCE+SBX exploit chain with one command

Security Resources

5 Steps to Implement an Application Threat Modeling Program

Who We Are