Shimo VPN Client for MacOS

Root Privilege Escalation

CVE ID

CVE-2018-6823

VENDOR

Mailbutler GmbH

PRODUCT

Shimo

Product version

Shimo for MacOS < 4.1.5.1

Vulnerability Details

The com.feingeist.shimo.helper tool, a LaunchDaemon of the Shimo VPN Client for MacOS, implements an unprotected XPC service that can be abused to execute scripts as root.
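
To check a host for the affected helper, the following added example (not part of the original advisory or of Shimo's code) inspects a launchd job definition for the com.feingeist.shimo.helper label and compares an installed version string against the fixed release 4.1.5.1. The sample job, its Mach service name and its program path are constructed placeholders; reading the version from the app bundle's CFBundleShortVersionString is an assumption.

```python
import plistlib

AFFECTED_LABEL = "com.feingeist.shimo.helper"  # helper named in the advisory
FIXED_VERSION = (4, 1, 5, 1)                    # advisory: Shimo < 4.1.5.1 is affected

def parse_version(text):
    """Turn '4.1.5' into (4, 1, 5, 0); None if a field is not numeric."""
    try:
        parts = [int(p) for p in text.strip().split(".")]
    except ValueError:
        return None
    return tuple((parts + [0, 0, 0, 0])[:4])

def is_affected(version_text):
    """True if older than the fixed release; unparseable versions count as affected."""
    version = parse_version(version_text)
    return version is None or version < FIXED_VERSION

def audit_launchd_job(plist_bytes):
    """Describe the Shimo helper job in one launchd plist, or return None."""
    job = plistlib.loads(plist_bytes)
    if job.get("Label") != AFFECTED_LABEL:
        return None
    args = job.get("ProgramArguments") or [None]
    return {
        "label": job["Label"],
        # A LaunchDaemon without a UserName key runs as root.
        "runs_as_root": job.get("UserName", "root") == "root",
        "mach_services": sorted(job.get("MachServices", {})),
        "program": job.get("Program") or args[0],
    }

# Constructed sample; the service name and path are placeholders, not Shimo's real values.
SAMPLE_JOB = plistlib.dumps({
    "Label": AFFECTED_LABEL,
    "MachServices": {"PLACEHOLDER.mach.service": True},
    "ProgramArguments": ["/PLACEHOLDER/path/to/helper"],
})

if __name__ == "__main__":
    finding = audit_launchd_job(SAMPLE_JOB)
    print(finding, "affected:", is_affected("4.1.5"))
```

On a real system, pass the bytes of each plist under /Library/LaunchDaemons to audit_launchd_job; a non-None result with a version older than 4.1.5.1 means the helper described here is present.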


Vendor response

Mailbutler GmbH responded stating their developer would review.

Disclosure timeline

01-29-2018 - Contacted Shimo Support
01-29-2018 - Contacted Mailbutler GmbH at [email protected]
01-29-2018 - Received automated response from support system
02-02-2018 - No response from Shimo Support
02-02-2018 - No response from Mailbutler GmbH
02-07-2018 - Advisory released
02-09-2018 - Mailbutler GmbH response
