Home | Research | Resources | Advisories | VyprVPN for MacOS
Privilege Escalation
CVE ID
CVE-2017-17809
VENDOR
Golden Frog
PRODUCT
VyprVPN
Product version
VyperVPN for MacOS < 2.15.0.5828
Vulnerability Details
The VyprVPN for MacOS's vyprvpnservice launch daemon has an unprotected XPC service that allows attackers to update the underlying OpenVPN configuration and the arguments passed to OpenVPN binary when executed. An attacker can abuse this vulnerability by forcing the VyprVPN application to load a malicious dynamic library every time a new connection is made.
Learn More →
Vendor response
Golden Frog accepted and remediated the vulnerability
Disclosure timeline
2017-12-08 - Contacted Gold Frog Support and asked to be put in touch with a security resource for the disclosure process
2017-12-08 - Golden Frog Supported responded requesting details about the vulnerability
2017-12-08 - Responded to Gold Frog Support with the requested details
2017-12-08 - Golden Frog Support asked that the details be forwarded to [email protected], I complied
2017-12-11 - A Golden Frog technical representative asked for the vulnerability details again, I complied
2017-12-13 - The Golden Frog technical representative informed me they had a fix and asked for a proof of concept
2017-12-15 - The Golden Frog technical representative apprised me they would be scheduling a product update for the following week
2017-12-20 - The VyprVPN for MacOS update is made available
2017-12-20 - Advisory is released