CVE-2019-12174

Name of the Vulnerable Software and Affected Versions hide.me version prior to 2.4.4

Description The issue arises from a privilege escalation vulnerability in the connectWithExecutablePath:configFilePath:configFileName method of the me hide vpnhelper.Helper class. This method is susceptible to user-supplied input, allowing for privilege escalation and the ability to run any application on the system in the root context.

Recommendations For versions prior to 2.4.4, update to version 2.4.4 or later to resolve the issue. As a temporary workaround, consider restricting access to the connectWithExecutablePath:configFilePath:configFileName method of the me hide vpnhelper.Helper class until a patch is applied.