Home | Research | Resources | Advisories | MacKeeper
Privilege Escalation
CVE ID
CVE-2018-10171
VENDOR
KromTech
PRODUCT
MacKeeper
Product version
3.20.4
Vulnerability Details
MacKeeper suffers from a root privilege escalation vulnerability through its com.mackeeper.AdwareAnalyzer.AdwareAnalyzerPrivilegedHelper
component. The AdwareAnalzyerPrivilegedHelper
tool implements an XPC service that allows an unprivileged application to connect and execute shell scripts as the root user.
Learn More →
Vendor response
Vendor released update
Disclosure timeline
02-23-2018 - Vendor notified via email 02-23-2018 - Vendor notified via Facebook 02-23-2018 - Vendor response via email 02-26-2018 - Vendor disclosure 02-26-2018 - Vendor response 02-26-2018 - VerSprite Security provides detailed vulnerability guidance 03-08-2018 - Vendor followup 03-08-2018 - Vendor response and followup 03-08-2018 - VerSprite Security extends advisory release timeline 04-11-2018 - VerSprite Security verifies vulnerability resolution 04-16-2018 - Vendor notified of the advisory release