Root Privilege Escalation
PureVPN for MacOS < 6.0.1
The PureVPN for MacOs's HelperTool LaunchDaemon implements an unprotected XPC service that can be abused to execute system commands as root.
Learn More →
PureVPN provided updated an patched version for validation, however the vulnerability appears to still be present.
01-29-2018 - Disclosed to PureVPN via support 01-29-2018 - Contacted PureVPN via contact form 01-29-2018 - Contacted PureVPN via twitter 01-29-2018 - Disclosed to PureVPN via email 01-29-2018 - PureVPN confirmed they received the disclosure 02-04-2018 - PureVPN provided updated file for testing 02-06-2018 - Patched version provided by PureVPN still contained vulnerability 02-07-2018 - Updated PureVPN, still waiting for a response
Offensive Minded Security Exploit Development