Home | Research | Resources | Advisories | PureVPN for MacOS
Root Privilege Escalation
CVE ID
CVE-2018-6822
VENDOR
PureVPN
PRODUCT
PureVPN
Product version
PureVPN for MacOS < 6.0.1
Vulnerability Details
The PureVPN for MacOs's HelperTool LaunchDaemon implements an unprotected XPC service that can be abused to execute system commands as root.
Learn More →
Vendor response
PureVPN provided updated an patched version for validation, however the vulnerability appears to still be present.
Disclosure timeline
01-29-2018 - Disclosed to PureVPN via support 01-29-2018 - Contacted PureVPN via contact form 01-29-2018 - Contacted PureVPN via twitter 01-29-2018 - Disclosed to PureVPN via email 01-29-2018 - PureVPN confirmed they received the disclosure 02-04-2018 - PureVPN provided updated file for testing 02-06-2018 - Patched version provided by PureVPN still contained vulnerability 02-07-2018 - Updated PureVPN, still waiting for a response