PT-2018-18421 · Zenmate · Zenmate

Benjamin Watson +1 · Published 2018-03-15 · Updated 2020-05-11 · CVE-2018-8076

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions: ZenMate version 1.5.4 for macOS
Description: A type confusion issue exists in the com.zenmate.chron-xpc LaunchDaemon component. This component implements an XPC service that uses an insecure XPC API, potentially allowing an attacker to pass an XPC object of the wrong type to the `xpc_connection_create_from_endpoint` function. However, due to internal checks implemented by Apple in recent macOS and OS X versions, exploitation of this issue would likely result in a denial of service.
Recommendations: For ZenMate version 1.5.4, consider disabling the com.zenmate.chron-xpc LaunchDaemon component as a temporary workaround to minimize the risk of exploitation.

Fix

Incorrect Type Conversion or Cast

Weakness Enumeration

Related Identifiers

CVE-2018-8076

Affected Products

Zenmate