111 matches found
Design/Logic Flaw
Little Snitch versions 4.4.0 fixes a vulnerability in a privileged helper tool. However, the operating system may have made a copy of the privileged helper which is not removed or updated immediately. Computers may therefore still be vulnerable after upgrading to 4.4.0. Version 4.4.1 fixes this...
CVE-2019-13013
CVE-2019-13013 affects Little Snitch versions 4.3.0 to 4.3.2. The vulnerability lies in the privileged helper tool, which exposes an XPC interface accessible to any process and allows directory listings and copying files as root, enabling local privilege escalation. The available connected docume...
CVE-2019-13014
Little Snitch versions 4.4.0 fixes a vulnerability in a privileged helper tool. However, the operating system may have made a copy of the privileged helper which is not removed or updated immediately. Computers may therefore still be vulnerable after upgrading to 4.4.0. Version 4.4.1 fixes this...
CVE-2019-13014
CVE-2019-13014 affects Little Snitch. The vulnerability arises from a privileged helper where the operating system may have retained a copy that is not removed or updated during upgrade to 4.4.0, leaving systems potentially exposed after upgrading. The issue is resolved in version 4.4.1 by removi...
CVE-2018-10171
Kromtech MacKeeper 3.20.4 suffers from a root privilege escalation vulnerability through its com.mackeeper.AdwareAnalyzer.AdwareAnalyzerPrivilegedHelper component. The AdwareAnalzyerPrivilegedHelper tool implements an XPC service that allows an unprivileged application to connect and execute shel...
CVE-2018-4052
An exploitable local information leak vulnerability exists in the privileged helper tool of GOG Galaxy's Games, version 1.2.47 for macOS. An attacker can pass a PID and receive information running on it that would usually only be accessible to the root user...
Information disclosure
An exploitable local information leak vulnerability exists in the privileged helper tool of GOG Galaxy's Games, version 1.2.47 for macOS. An attacker can pass a PID and receive information running on it that would usually only be accessible to the root user...
CVE-2018-4053
An exploitable local denial-of-service vulnerability exists in the privileged helper tool of GOG Galaxy's Games, version 1.2.47 for macOS. An attacker can send malicious data to the root-listening service, causing the application to terminate and become unavailable...
CVE-2018-4052
An exploitable local information leak vulnerability exists in the privileged helper tool of GOG Galaxy's Games, version 1.2.47 for macOS. An attacker can pass a PID and receive information running on it that would usually only be accessible to the root user...
GOG Galaxy Games fillProcessInformationForPids information leak vulnerability
Summary An exploitable local information leak vulnerability exists in the privileged helper tool of GOG Galaxy’s Games, version 1.2.47 for macOS. An attacker can pass a PID and receive information running on it that would usually only be accessible to the root user. Tested Versions Gog Galaxy...
GOG Galaxy Games privileged helper denial-of-service vulnerability
Summary An exploitable local denial-of-service vulnerability exists in the privileged helper tool of GOG Galaxy’s Games, version 1.2.47 for macOS. An attacker can send malicious data to the root-listening service, causing the application to terminate and become unavailable. Tested Versions Gog...
Input validation
An exploitable denial-of-service vulnerability exists in the helper service of Clean My Mac X, version 4.04, due to improper input validation. A user with local access can use this vulnerability to terminate a privileged helper application. An attacker would need local access to the machine for a...
CVE-2018-4046
An exploitable denial-of-service vulnerability exists in the helper service of Clean My Mac X, version 4.04, due to improper input validation. A user with local access can use this vulnerability to terminate a privileged helper application. An attacker would need local access to the machine for a...
Clean My Mac X pleaseTerminate denial-of-service vulnerability
Summary An exploitable denial-of-service vulnerability exists in the helper service of Clean My Mac X, version 4.04, due to improper input validation. A user with local access can use this vulnerability to terminate a privileged helper application. An attacker would need local access to the machi...
NordVPN Root Elevation of Privilege Vulnerability
NordVPN is a virtual private network tool that gives you a high-speed and stable connection to the world wide web and secure access to a wide range of streaming sites, censored content and social media. NordVPN 3.3.10 for macOS suffers from a root elevation of privilege vulnerability. An attacker...
CVE-2018-9105
NordVPN 3.3.10 for macOS suffers from a root privilege escalation vulnerability. The vulnerability stems from its privileged helper tool's implemented XPC service. This XPC service is responsible for receiving and processing new OpenVPN connection requests from the main application. Unfortunately...
VPN Unlimited for macOS privileged helper tool privilege access control vulnerability
VPN Unlimited for macOS is a VPN application based on macOS platform. privileged helper tool is one of the helper tools. A privilege access control vulnerability exists in the privileged helper tool in version 4.2.0 of VPN Unlimited for macOS. An attacker can use this vulnerability to execute...
CVE-2018-8739
VPN Unlimited 4.2.0 for macOS suffers from a root privilege escalation vulnerability in its privileged helper tool. The privileged helper tool implements an XPC interface, which allows arbitrary applications to execute system commands as root...
CVE-2018-8739
VPN Unlimited 4.2.0 for macOS suffers from a root privilege escalation vulnerability in its privileged helper tool. The privileged helper tool implements an XPC interface, which allows arbitrary applications to execute system commands as root...
CactusVPN root elevation of privilege vulnerability
CactusVPN for macOS is a macOS-based VPN software from CactusVPN Moldova for anonymous access to the Internet. privileged helper tool is one of the helper tools. A privileged helper tool vulnerability exists in CactusVPN 6.0 and earlier versions for macOS-based platforms. An attacker can exploit...