Shimo VPN Client for MacOS
Root Privilege Escalation
CVE ID:
Vendor: Mailbutler GmbH
Product: Shimo
Product Version: Shimo for MacOS < 4.1.5.1
Vulnerability Details
The Shimo VPN Client for macOS installs a privileged helper tool, com.feingeist.shimo.helper, as a LaunchDaemon. The helper implements an unprotected XPC service that can be abused to execute scripts as root.
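
For the class of issue described above, one way a root helper can refuse XPC clients it does not recognise. This is an added example, not code from the advisory or from the vendor, and it is not a statement of how Shimo was fixed. It assumes a helper built on NSXPCListener and macOS 13 or later; the Mach service name, bundle identifier, team identifier and protocol are hypothetical placeholders.

```objc
// Added example: hypothetical hardened helper, not Shimo's code.
#import <Foundation/Foundation.h>

// Hypothetical placeholders (assumptions, not values from the advisory).
static NSString * const kMachService = @"com.example.vpn.helper";
static NSString * const kClientRequirement =
    @"anchor apple generic and identifier \"com.example.vpn\" "
    @"and certificate leaf[subject.OU] = \"ABCDE12345\"";

@protocol HelperProtocol
// One fixed operation; the client cannot supply a script path or command.
- (void)restartTunnelWithReply:(void (^)(BOOL ok))reply;
@end

@interface Helper : NSObject <NSXPCListenerDelegate, HelperProtocol>
@end

@implementation Helper
- (BOOL)listener:(NSXPCListener *)listener
    shouldAcceptNewConnection:(NSXPCConnection *)connection {
    // An unprotected service exports its object and returns YES here
    // without checking who connected, so any local process can call it.
    if (@available(macOS 13.0, *)) {
        // The connection is invalidated if a message arrives from a peer
        // whose code signature does not satisfy the requirement.
        [connection setCodeSigningRequirement:kClientRequirement];
    } else {
        return NO;  // fail closed where the API is unavailable
    }
    connection.exportedInterface =
        [NSXPCInterface interfaceWithProtocol:@protocol(HelperProtocol)];
    connection.exportedObject = self;
    [connection resume];
    return YES;
}

- (void)restartTunnelWithReply:(void (^)(BOOL ok))reply {
    reply(YES);  // the privileged work would happen here
}
@end

int main(void) {
    static Helper *helper;  // static: the listener holds its delegate weakly
    helper = [Helper new];
    NSXPCListener *listener =
        [[NSXPCListener alloc] initWithMachServiceName:kMachService];
    listener.delegate = helper;
    [listener resume];
    [[NSRunLoop currentRunLoop] run];
}
```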
Vendor Response
Mailbutler GmbH responded stating their developer would review.
Disclosure Timeline
- Contacted Shimo Support
- Contacted Mailbutler GmbH at [email protected]
- Received automated response from support system
- No response from Shimo Support
- No response from Mailbutler GmbH
- Advisory released
- Mailbutler GmbH response