Description
PrivateVPN 2.0.31 for macOS suffers from a root privilege escalation vulnerability with its com.privat.vpn.helper privileged helper tool. This privileged helper tool implements an XPC service that allows arbitrary installed applications to connect and send messages. The XPC service extracts the path string from the corresponding XPC message. This string is supposed to point to PrivateVPN's internal openvpn binary. If a new connection has not already been established, an attacker can send the XPC service a malicious XPC message with the path string pointing at a binary that he or she controls. This results in the execution of arbitrary code as the root user.
References (1)
Core 1
Core References
Third Party Advisory x_refsource_misc
https://github.com/VerSprite/research/blob/master/advisories/VS-2018-005.md
Scores
CVSS v3
9.8
EPSS
0.0069
EPSS Percentile
72.0%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
Status
published
Products (1)
privatevpn/privatevpn
2.0.31
Published
Mar 05, 2018
Tracked Since
Feb 18, 2026