PureVPN for MacOS | Security Research Advisory | VerSprite


PureVPN for MacOS

Root Privilege Escalation

CVE ID

CVE-2018-6822

VENDOR

PureVPN

PRODUCT

PureVPN

Product version

PureVPN for MacOS < 6.0.1

Vulnerability Details

The HelperTool LaunchDaemon in PureVPN for MacOS implements an unprotected XPC service that can be abused to execute system commands as root.
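
One way a root helper can restrict which clients may reach its XPC service, shown as an added example that is not PureVPN's or VerSprite's code. The service name, bundle identifier, team ID and the single exported method are hypothetical placeholders, and the listener-level requirement API assumes macOS 13 or later.

```swift
import Foundation

// Hypothetical narrow interface: fixed operations only, no caller-supplied command strings.
@objc protocol VPNHelperProtocol {
    func flushDNSCache(reply: @escaping (Bool) -> Void)
}

final class VPNHelper: NSObject, VPNHelperProtocol {
    func flushDNSCache(reply: @escaping (Bool) -> Void) {
        let task = Process()
        task.executableURL = URL(fileURLWithPath: "/usr/bin/dscacheutil")
        task.arguments = ["-flushcache"]   // fixed argv, nothing taken from the client
        do {
            try task.run()
            task.waitUntilExit()
            reply(task.terminationStatus == 0)
        } catch {
            reply(false)
        }
    }
}

final class ListenerDelegate: NSObject, NSXPCListenerDelegate {
    // Only reached for peers that already satisfied the code signing requirement below.
    func listener(_ listener: NSXPCListener,
                  shouldAcceptNewConnection conn: NSXPCConnection) -> Bool {
        conn.exportedInterface = NSXPCInterface(with: VPNHelperProtocol.self)
        conn.exportedObject = VPNHelper()
        conn.resume()
        return true
    }
}

// Placeholder requirement: the client app's identifier and the vendor's Developer ID team.
let clientRequirement = "anchor apple generic and identifier \"com.example.vpnclient\" "
    + "and certificate leaf[subject.OU] = \"TEAMID1234\""

let listener = NSXPCListener(machServiceName: "com.example.vpnhelper")
let delegate = ListenerDelegate()
listener.delegate = delegate

if #available(macOS 13.0, *) {
    // Peers that do not match are rejected before the delegate is consulted.
    listener.setConnectionCodeSigningRequirement(clientRequirement)
} else {
    exit(EXIT_FAILURE)   // fail closed rather than serve unauthenticated clients
}
listener.resume()
RunLoop.main.run()
```

Without a check of this kind, any local process that can look up the Mach service can call whatever the helper exports, so the exported interface should also avoid methods that accept arbitrary commands or paths.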

Vendor response

PureVPN provided an updated, patched version for validation; however, the vulnerability appears to still be present.

Disclosure timeline

01-29-2018 - Disclosed to PureVPN via support
01-29-2018 - Contacted PureVPN via contact form
01-29-2018 - Contacted PureVPN via Twitter
01-29-2018 - Disclosed to PureVPN via email
01-29-2018 - PureVPN confirmed they received the disclosure
02-04-2018 - PureVPN provided updated file for testing
02-06-2018 - Patched version provided by PureVPN still contained vulnerability
02-07-2018 - Updated PureVPN, still waiting for a response
