PT-2018-1124 · Cactusvpn · Cactusvpn

Benjamin Watson +1 · Published 2018-02-21 · Updated 2021-09-22 · CVE-2018-7493

CVSS v2.0: 10 (Critical)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

CactusVPN versions through 6.0 for macOS

Description

The privileged helper tool in CactusVPN implements an XPC interface that is used to access the VPN service. This implementation has access control weaknesses that enable arbitrary applications to execute system commands as root. Exploitation of the issue can allow a remote attacker to execute system commands with root privileges.

Recommendations

For CactusVPN versions through 6.0 for macOS, consider disabling the privileged helper tool until a patch is available, to prevent arbitrary applications from executing system commands as root. Restrict access to the XPC interface to minimize the risk of exploitation.

Fix

Weakness Enumeration

Related Identifiers

BDU:2018-00549
CVE-2018-7493

Affected Products

Cactusvpn