Shimo VPN Client for MacOS

Root Privilege Escalation

Vendor

Mailbutler GmbH

Product

Shimo

Product Version

Shimo for MacOS < 4.1.5.1

Vulnerability Details

The com.feingeist.shimo.helper helper tool, a LaunchDaemon of the Shimo VPN Client for MacOS, implements an unprotected XPC service that can be abused to execute scripts as root.
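
One way a root helper can restrict which clients reach its XPC interface, as an added example that is not Shimo's code or part of the original advisory. The service name, client identifier, team ID and protocol below are hypothetical placeholders, and the listener-level requirement API assumes macOS 13 or later:

```objc
// Added example: a LaunchDaemon XPC helper that only accepts connections
// from clients satisfying a code-signing requirement.
#import <Foundation/Foundation.h>

// Hypothetical protocol: one narrow, fixed operation. The helper never
// takes a script path or command line from the client.
@protocol ExampleHelperProtocol
- (void)helperVersionWithReply:(void (^)(NSString *version))reply;
@end

@interface ExampleHelper : NSObject <NSXPCListenerDelegate, ExampleHelperProtocol>
@end

@implementation ExampleHelper
- (BOOL)listener:(NSXPCListener *)listener
        shouldAcceptNewConnection:(NSXPCConnection *)connection {
    // The signing requirement set on the listener in main() is enforced by
    // the system for every connection, so no message from a client that
    // fails it reaches the exported object.
    connection.exportedInterface =
        [NSXPCInterface interfaceWithProtocol:@protocol(ExampleHelperProtocol)];
    connection.exportedObject = self;
    [connection resume];
    return YES;
}

- (void)helperVersionWithReply:(void (^)(NSString *))reply {
    reply(@"1.0");
}
@end

int main(void) {
    @autoreleasepool {
        if (@available(macOS 13.0, *)) {
            // Placeholder Mach service name, bundle identifier and team ID.
            NSXPCListener *listener = [[NSXPCListener alloc]
                initWithMachServiceName:@"com.example.helper"];
            [listener setConnectionCodeSigningRequirement:
                @"anchor apple generic and identifier \"com.example.client\" "
                @"and certificate leaf[subject.OU] = \"TEAMID0000\""];
            ExampleHelper *helper = [ExampleHelper new];
            listener.delegate = helper;
            [listener resume];
            [[NSRunLoop currentRunLoop] run];
        }
        // Fail closed: without the requirement API the helper does not serve.
        return 1;
    }
}
```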

Vendor Response

Mailbutler GmbH responded stating their developer would review.

Disclosure Timeline

  • Contacted Shimo Support

  • Contacted Mailbutler GmbH at [email protected]

  • Received automated response from support system

  • No response from Shimo Support

  • No response from Mailbutler GmbH

  • Advisory released

  • Mailbutler GmbH response