CVE-2018-7715

Name of the Vulnerable Software and Affected Versions PrivateVPN version 2.0.31 for macOS

Description The issue is related to insufficient access control in the com.privat.vpn.helper component, which implements an XPC service for the PrivateVPN software. This allows a remote attacker to execute arbitrary code with root privileges by sending a specially crafted XPC message with a link to a binary file. The XPC service is vulnerable because it extracts a path string from the XPC message, which is supposed to point to PrivateVPN's internal openvpn binary, but can be manipulated to point to a binary controlled by the attacker.

Recommendations For PrivateVPN version 2.0.31 for macOS, consider disabling the com.privat.vpn.helper component until a patch is available to prevent exploitation. Restrict access to the XPC service to minimize the risk of arbitrary code execution as the root user. Avoid using the XPC message with a path string that can be manipulated by an attacker until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.