PureVPN for MacOS | Security Research Advisory | VerSprite


PureVPN for MacOS

Root Privilege Escalation

CVE ID

CVE-2018-6822

VENDOR

PureVPN

PRODUCT

PureVPN

Product version

PureVPN for MacOS < 6.0.1

Vulnerability Details

The HelperTool LaunchDaemon in PureVPN for MacOS implements an unprotected XPC service that can be abused to execute system commands as root.
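
One way a root helper can restrict who may connect to its XPC service, shown as an added example (not code from PureVPN or from this advisory). The Mach service name, bundle identifier, team ID and protocol are hypothetical, and the listener-level requirement API assumes macOS 13 or later.

```swift
import Foundation

// Hypothetical interface: fixed, narrowly scoped operations only.
// No method accepts a command line, path or script from the client.
@objc protocol HelperProtocol {
    func setKillSwitch(_ enabled: Bool, withReply reply: @escaping (Bool) -> Void)
}

final class Helper: NSObject, HelperProtocol {
    func setKillSwitch(_ enabled: Bool, withReply reply: @escaping (Bool) -> Void) {
        // Privileged work would go here, using only values the helper controls.
        reply(true)
    }
}

final class ListenerDelegate: NSObject, NSXPCListenerDelegate {
    func listener(_ listener: NSXPCListener,
                  shouldAcceptNewConnection connection: NSXPCConnection) -> Bool {
        // Peers that fail the listener's code-signing requirement are
        // rejected by the system before any message reaches Helper.
        connection.exportedInterface = NSXPCInterface(with: HelperProtocol.self)
        connection.exportedObject = Helper()
        connection.resume()
        return true
    }
}

// Hypothetical requirement: only the vendor's signed client app may connect.
let clientRequirement = """
anchor apple generic and identifier "com.example.vpnclient" \
and certificate leaf[subject.OU] = "EXAMPLETEAM"
"""

// Hypothetical Mach service name registered in the helper's launchd plist.
let listener = NSXPCListener(machServiceName: "com.example.vpnclient.helper")
let delegate = ListenerDelegate()
listener.delegate = delegate

if #available(macOS 13.0, *) {
    listener.setConnectionCodeSigningRequirement(clientRequirement)
} else {
    // Fail closed instead of serving unauthenticated clients as root.
    fatalError("client code-signing validation unavailable; refusing to start")
}

listener.resume()
RunLoop.main.run()
```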


Vendor response

PureVPN provided an updated, patched version for validation; however, the vulnerability appears to still be present.

Disclosure timeline

01-29-2018 - Disclosed to PureVPN via support
01-29-2018 - Contacted PureVPN via contact form
01-29-2018 - Contacted PureVPN via twitter
01-29-2018 - Disclosed to PureVPN via email
01-29-2018 - PureVPN confirmed they received the disclosure
02-04-2018 - PureVPN provided updated file for testing
02-06-2018 - Patched version provided by PureVPN still contained vulnerability
02-07-2018 - Updated PureVPN, still waiting for a response
