CVE-2017-17809

Name of the Vulnerable Software and Affected Versions Golden Frog VyprVPN versions prior to 2.15.0.5828

Description The issue concerns an unprotected XPC service in the vyprvpnservice launch daemon, which allows attackers to modify the OpenVPN configuration and arguments passed to the OpenVPN binary. This can be exploited by forcing the VyprVPN application to load a malicious dynamic library when a new connection is established.

Recommendations For versions prior to 2.15.0.5828, update to version 2.15.0.5828 or later to resolve the issue. As a temporary workaround, consider restricting access to the XPC service to minimize the risk of exploitation.