VPN Unlimited for MacOS | Security Research Advisory | VerSprite VPN Unlimited for MacOS | Security Research Advisory | VerSprite

Home  |  Research  |  Resources  |  Advisories  |  VPN Unlimited for MacOS

VPN Unlimited for MacOS

Root Privilege Escalation

CVE ID

CVE-2018-8739

VENDOR

Keep Solid

PRODUCT

VPN Unlimited for MacOS

Product version

< 4.2.0

Vulnerability Details

VPN Unlimited for MacOS suffers from a root privilege escalation vulnerability in its privileged helper tool. The privileged helper tool implements an XPC interface, which allows arbitrary applications to execute system commands as root.

Vendor response

VPN Unlimited team is reviewing.

Disclosure timeline

03-04-2018 - Vendor disclosure via email
03-04-2018 - Vendor notified via Facebook
03-05-2018 - Vendor response and follow up
03-06-2018 - Vendor requested additional information, POC and follow up
03-08-2018 - VerSprite provided vendor with additional information
and POC
03-09-2018 - Vendor response
03-13-2018 - Vendor notified of diclosure schedule
03-14-2018 - Vendor notified of advisory release

Offensive Minded Security Exploit Development

We are an international squad of professionals working as one.

logos