CVE-2018-4033
CVE-2018-4033 affects MacPaw’s CleanMyMac X (tested with version 4.04). The vulnerability resides in the helper protocol’s moveToTrashItemAtPath function: a nil fourth argument allows any local application to call the function as root, enabling modification/deletion of root-file-system items. Cis...