MacKeeper | Security Research Advisory | VerSprite MacKeeper | Security Research Advisory | VerSprite

Home  |  Research  |  Resources  |  Advisories  |  MacKeeper

MacKeeper

Privilege Escalation

CVE ID

CVE-2018-10171

VENDOR

KromTech

PRODUCT

MacKeeper

Product version

3.20.4

Vulnerability Details

MacKeeper suffers from a root privilege escalation vulnerability through its com.mackeeper.AdwareAnalyzer.AdwareAnalyzerPrivilegedHelper component. The AdwareAnalzyerPrivilegedHelper tool implements an XPC service that allows an unprivileged application to connect and execute shell scripts as the root user.

Learn More →

Vendor response

Vendor released update

Disclosure timeline

02-23-2018 - Vendor notified via email
02-23-2018 - Vendor notified via Facebook
02-23-2018 - Vendor response via email
02-26-2018 - Vendor disclosure
02-26-2018 - Vendor response
02-26-2018 - VerSprite Security provides detailed vulnerability guidance
03-08-2018 - Vendor followup
03-08-2018 - Vendor response and followup
03-08-2018 - VerSprite Security extends advisory release timeline
04-11-2018 - VerSprite Security verifies vulnerability resolution
04-16-2018 - Vendor notified of the advisory release

Offensive Minded Security Exploit Development

We are an international squad of professionals working as one.

logos