HomeAdvisoriesMacKeeper

MacKeeper

Privilege Escalation

CVE ID

CVE-2018-10171

Vendor

KromTech

Product

MacKeeper

Product Version

3.20.4

Vulnerability Details

MacKeeper suffers from a root privilege escalation vulnerability through its com.mackeeper.AdwareAnalyzer.AdwareAnalyzerPrivilegedHelper component. The AdwareAnalzyerPrivilegedHelper tool implements an XPC service that allows an unprivileged application to connect and execute shell scripts as the root user.

Learn more

Vendor Response

Vendor released update

Disclosure Timeline

  • Vendor notified via email

  • Vendor notified via Facebook

  • Vendor response via email

  • Vendor disclosure

  • Vendor response

  • VerSprite Security provides detailed vulnerability guidance

  • Vendor followup

  • Vendor response and followup

  • VerSprite Security extends advisory release timeline

  • VerSprite Security verifies vulnerability resolution

  • Vendor notified of the advisory release