CVE-2018-10171

Name of the Vulnerable Software and Affected Versions Kromtech MacKeeper version 3.20.4

Description The issue allows an unprivileged application to connect and execute shell scripts as the root user through the com.mackeeper.AdwareAnalyzer.AdwareAnalyzerPrivilegedHelper component. This component implements an XPC service, enabling the execution of shell scripts with root privileges.

Recommendations For Kromtech MacKeeper version 3.20.4, consider disabling the com.mackeeper.AdwareAnalyzer.AdwareAnalyzerPrivilegedHelper component as a temporary workaround to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.