CVE-2018-7716

Name of the Vulnerable Software and Affected Versions PrivateVPN version 2.0.31 for macOS

Description The issue is related to the com.privat.vpn.helper privileged helper tool, which implements an XPC service. This service allows any installed application to connect and send messages, extracting a config string from the XPC message. The string is expected to point to an internal OpenVPN configuration file. However, an attacker can send a malicious XPC message with a config string pointing to a controlled OpenVPN configuration file. This file can specify a dynamic library plugin to run for every new VPN connection, executing code in the context of the root user. The vulnerability is associated with insufficient access control in the com.privat.vpn.helper component.

Recommendations For PrivateVPN version 2.0.31 for macOS, consider disabling the XPC service implemented by the com.privat.vpn.helper tool until a patch is available to prevent potential exploitation. Restrict access to the com.privat.vpn.helper component to minimize the risk of arbitrary code execution with root privileges. Avoid using the config string in the affected XPC message to prevent specifying a malicious OpenVPN configuration file. At the moment, there is no information about a newer version that contains a fix for this vulnerability.