VPN Unlimited for MacOS

Root Privilege Escalation


Keep Solid


VPN Unlimited for MacOS

Product Version

< 4.2.0

Vulnerability Details

VPN Unlimited for MacOS suffers from a root privilege escalation vulnerability in its privileged helper tool. The privileged helper tool implements an XPC interface, which allows arbitrary applications to execute system commands as root.

Vendor Response

VPN Unlimited team is reviewing.

Disclosure Timeline

  • Vendor disclosure via email

  • Vendor notified via Facebook

  • Vendor response and follow up

  • Vendor requested additional information, POC and follow up

  • VerSprite provided vendor with additional information
    and POC

  • Vendor response

  • Vendor notified of diclosure schedule

  • Vendor notified of advisory release