Description
An exploitable privilege escalation vulnerability exists in the helper service CleanMyMac X, version 4.20, due to improper updating. The application failed to remove the vulnerable components upon upgrading to the latest version, leaving the user open to attack. A user with local access can use this vulnerability to modify the file system as root. An attacker would need local access to the machine for a successful exploit.
References (1)
Core 1
Core References
Third Party Advisory x_refsource_misc
https://talosintelligence.com/vulnerability_reports/TALOS-2019-0759
Scores
CVSS v3
5.5
EPSS
0.0040
EPSS Percentile
31.3%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Details
CWE
CWE-459
Status
published
Products (1)
macpaw/cleanmymac_x
4.20
Published
Mar 21, 2019
Tracked Since
Feb 18, 2026