CactusVPN for MacOS | Security Research Advisory | VerSprite CactusVPN for MacOS | Security Research Advisory | VerSprite

Home  |  Research  |  Resources  |  Advisories  |  CactusVPN for MacOS

CactusVPN for MacOS

Root Privilege Escalation Vulnerability | XPC

CVE ID

CVE-2018-7493

VENDOR

CactusVPN

PRODUCT

CactusVPN

Product version

< 6.0

Vulnerability Details

CactusVPN for MacOS suffers from a root privilege escalation vulnerability in its privileged helper tool. The privileged helper tool implements an XPC interface, which allows arbitrary applications to execute system commands as root.

Learn More →

Vendor response

Vendor has released an update.

Disclosure timeline

02-21-2018 - Vendor disclosure
02-23-2018 - Vendor response
02-27-2018 - Vendor submitted update for testing
03-02-2018 - VerSprite validated the vulnerability had been fixed
03-05-2018 - Vendor released update
03-05-2018 - Vendor notified of advisory release

Offensive Minded Security Exploit Development

We are an international squad of professionals working as one.

logos