MacKeeper | Security Research Advisory | VerSprite


MacKeeper

Privilege Escalation

CVE ID

CVE-2018-10171

VENDOR

KromTech

PRODUCT

MacKeeper

Product version

3.20.4

Vulnerability Details

MacKeeper suffers from a root privilege escalation vulnerability through its com.mackeeper.AdwareAnalyzer.AdwareAnalyzerPrivilegedHelper component. The AdwareAnalyzerPrivilegedHelper tool implements an XPC service that allows an unprivileged application to connect and execute shell scripts as the root user.
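An added example, not part of the VerSprite advisory or of MacKeeper's code: a Python inventory check that flags launchd daemons which run as root and expose a named Mach/XPC service, and marks any that carry the helper name from this advisory. It assumes the helper name is used as the launchd label or Mach service name; the sample plist and its program path are constructed placeholders.

```python
import plistlib
from pathlib import Path
from xml.parsers.expat import ExpatError

# Helper name exactly as given in the advisory text.
ADVISORY_HELPER = "com.mackeeper.AdwareAnalyzer.AdwareAnalyzerPrivilegedHelper"

# Constructed sample; assumes the helper name is used as launchd Label and Mach service.
SAMPLE_PLIST = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>Label</key>
  <string>com.mackeeper.AdwareAnalyzer.AdwareAnalyzerPrivilegedHelper</string>
  <key>MachServices</key><dict>
    <key>com.mackeeper.AdwareAnalyzer.AdwareAnalyzerPrivilegedHelper</key><true/>
  </dict>
  <key>ProgramArguments</key><array><string>/PLACEHOLDER/helper</string></array>
</dict></plist>"""

def audit_launchd_job(plist_bytes):
    """Summarise one launchd job definition given the raw bytes of its plist."""
    job = plistlib.loads(plist_bytes)
    if not isinstance(job, dict):
        raise ValueError("launchd job plist must be a dictionary")
    # Jobs in /Library/LaunchDaemons run as root unless UserName says otherwise.
    user = job.get("UserName", "root")
    services = sorted(job.get("MachServices") or {})
    label = job.get("Label", "")
    return {
        "label": label,
        "user": user,
        "mach_services": services,
        # Root job reachable by name over Mach/XPC: its client checks need review.
        "root_xpc_surface": user == "root" and bool(services),
        "matches_advisory": ADVISORY_HELPER in [label, *services],
    }

def audit_directory(directory="/Library/LaunchDaemons"):
    """Audit every plist in a launchd directory, skipping unreadable files."""
    findings = []
    for path in sorted(Path(directory).glob("*.plist")):
        try:
            findings.append(audit_launchd_job(path.read_bytes()))
        except (ValueError, ExpatError, OSError):
            continue
    return findings

if __name__ == "__main__":
    for finding in [audit_launchd_job(SAMPLE_PLIST)] + audit_directory():
        print(finding)
```

A match only shows that a helper with this name is registered; the installed MacKeeper version still has to be compared against the affected version listed above.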

Vendor response

Vendor released update

Disclosure timeline

02-23-2018 - Vendor notified via email
02-23-2018 - Vendor notified via Facebook
02-23-2018 - Vendor response via email
02-26-2018 - Vendor disclosure
02-26-2018 - Vendor response
02-26-2018 - VerSprite Security provides detailed vulnerability guidance
03-08-2018 - Vendor followup
03-08-2018 - Vendor response and followup
03-08-2018 - VerSprite Security extends advisory release timeline
04-11-2018 - VerSprite Security verifies vulnerability resolution
04-16-2018 - Vendor notified of the advisory release
