Shimo VPN Client for MacOS Root Privilege Escalation
CVE ID
CVE-2018-6823
Vendor
Mailbutler GmbH
Product
Shimo
Product version
Shimo for MacOS < 4.1.5.1
Vulnerability Details
The Shimo VPN Client for MacOS's LaunchDaemon helper tool, com.feingeist.shimo.helper, implements an unprotected XPC service that can be abused to execute scripts as root.
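A defender-side triage check for the issue described above, added here as an example and not taken from the advisory or the vendor: it reads a launchd job definition, reports the Mach/XPC services the job exposes while running as root, and compares an installed Shimo version against the fixed 4.1.5.1. The sample plist and its Mach service name are constructed; only the helper label and the version bound come from the advisory.

```python
import plistlib

FIXED_VERSION = (4, 1, 5, 1)                 # advisory: Shimo for MacOS < 4.1.5.1
HELPER_LABEL = "com.feingeist.shimo.helper"  # helper named in the advisory

# Constructed sample launchd job definition, not the vendor's actual plist.
# The Mach service name inside it is an assumption made for illustration.
SAMPLE_PLIST = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>Label</key><string>com.feingeist.shimo.helper</string>
  <key>MachServices</key><dict><key>com.feingeist.shimo.helper</key><true/></dict>
</dict></plist>"""


def parse_version(text):
    """Turn '4.1.5' into (4, 1, 5, 0) so short versions compare correctly."""
    parts = [int(p) for p in text.strip().split(".")]
    parts += [0] * (len(FIXED_VERSION) - len(parts))
    return tuple(parts)


def is_affected(version):
    """True when the installed version is below the fixed release."""
    return parse_version(version) < FIXED_VERSION


def root_xpc_services(plist_bytes):
    """Return Mach service names a launchd job exposes while running as root."""
    job = plistlib.loads(plist_bytes)
    # LaunchDaemons run as root unless the job sets UserName to another account.
    if job.get("UserName", "root") != "root":
        return []
    return sorted(job.get("MachServices", {}))


def triage(plist_bytes, installed_version):
    """Summarise what needs review for one job and one installed version."""
    job = plistlib.loads(plist_bytes)
    return {
        "label": job.get("Label"),
        "is_shimo_helper": job.get("Label") == HELPER_LABEL,
        "root_xpc_services": root_xpc_services(plist_bytes),
        "affected_version": is_affected(installed_version),
    }


if __name__ == "__main__":
    print(triage(SAMPLE_PLIST, "4.1.5"))
```

The plist alone cannot show whether a service validates its clients; a non-empty `root_xpc_services` list only marks a root-owned XPC endpoint whose connection handling needs review.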
Vendor response
Mailbutler GmbH responded stating their developer would review.
Disclosure timeline
01-29-2018 - Contacted Shimo Support
01-29-2018 - Contacted Mailbutler GmbH at [email protected]
01-29-2018 - Received automated response from support system
02-02-2018 - No response from Shimo Support
02-02-2018 - No response from Mailbutler GmbH
02-07-2018 - Advisory released
02-09-2018 - Mailbutler GmbH response