Root Privilege Escalation Vulnerability | XPC
CactusVPN for MacOS suffers from a root privilege escalation vulnerability in its privileged helper tool. The privileged helper tool implements an XPC interface, which allows arbitrary applications to execute system commands as root.
Vendor has released an update.
02-21-2018 - Vendor disclosure 02-23-2018 - Vendor response 02-27-2018 - Vendor submitted update for testing 03-02-2018 - VerSprite validated the vulnerability had been fixed 03-05-2018 - Vendor released update 03-05-2018 - Vendor notified of advisory release
Offensive Minded Security Exploit Development