Shimo VPN Client for MacOS

Root Privilege Escalation

CVE ID

CVE-2018-6823

VENDOR

Mailbutler GmbH

PRODUCT

Shimo

Product version

Shimo for MacOS < 4.1.5.1

Vulnerability Details

The com.feingeist.shimo.helper helper tool, which the Shimo VPN Client for MacOS runs as a LaunchDaemon, implements an unprotected XPC service that can be abused to execute scripts as root.

Vendor response

Mailbutler GmbH responded stating their developer would review.

Disclosure timeline

01-29-2018 - Contacted Shimo Support
01-29-2018 - Contacted Mailbutler GmbH at [email protected]
01-29-2018 - Received automated response from support system
02-02-2018 - No response from Shimo Support
02-02-2018 - No response from Mailbutler GmbH
02-07-2018 - Advisory released
02-09-2018 - Mailbutler GmbH response
