PureVPN for MacOS | Security Research Advisory | VerSprite PureVPN for MacOS | Security Research Advisory | VerSprite

Home  |  Research  |  Resources  |  Advisories  |  PureVPN for MacOS

PureVPN for MacOS

Root Privilege Escalation

CVE ID

CVE-2018-6822

VENDOR

PureVPN

PRODUCT

PureVPN

Product version

PureVPN for MacOS < 6.0.1

Vulnerability Details

The PureVPN for MacOs's HelperTool LaunchDaemon implements an unprotected XPC service that can be abused to execute system commands as root.

Learn More →

Vendor response

PureVPN provided updated an patched version for validation, however the vulnerability appears to still be present.

Disclosure timeline

01-29-2018 - Disclosed to PureVPN via support
01-29-2018 - Contacted PureVPN via contact form
01-29-2018 - Contacted PureVPN via twitter
01-29-2018 - Disclosed to PureVPN via email
01-29-2018 - PureVPN confirmed they received the disclosure
02-04-2018 - PureVPN provided updated file for testing
02-06-2018 - Patched version provided by PureVPN still contained vulnerability
02-07-2018 - Updated PureVPN, still waiting for a response

Digging up the Past: OS X File Versioning

Digging up the Past: OS X File Versioning

Blog Post

Digging up the Past: OS X File Versioning

MacOS

IPVanish for MacOS vulnerability

IPVanish for MacOS

Advisory

IPVanish for MacOS

MacOS

MacKeeper vulnerability

MacKeeper

Advisory

MacKeeper

MacOS

    Back to Advisory Main         Visit Resource Library    

Offensive Minded Security Exploit Development

Learn More

arrow right

We are an international squad of professionals working as one.

logos

Copyright 2021 VerSprite - All Rights Reserved