Root Privilege Escalation
Shimo for MacOS < 18.104.22.168
The Shimo VPN Client for MacOS's com.feingeist.shimo.helper tool LaunchDaemon implements an unprotected XPC service that can be abused to execute scripts as root.
Mailbutler GmbH responded stating their developer would review.
01-29-2018 - Contacted Shimno Support 01-29-2018 - Contacted Mailbutler GmbH at [email protected] 01-29-2018 - Received automated response from support system 02-02-2018 - No response Shimno Support 02-02-2018 - No response Mailbutler GmbH 02-07-2018 - Advisory released 02-09-2018 - Mailbutler GmbH response
Offensive Minded Security Exploit Development