CVE-2018-10192

Name of the Vulnerable Software and Affected Versions IPVanish version 3.0.11 for macOS

Description The issue is related to the com.ipvanish.osx.vpnhelper LaunchDaemon, which implements an insecure XPC service. This allows an attacker to execute arbitrary code as the root user by sending specially crafted XPC messages. The XPC service does not validate incoming connections, making it possible for any installed application to send XPC messages to it. Specifically, an attacker could manipulate the OpenVPNPath variable to point to a malicious binary on the system, which would then be executed as the root user when the com.ipvanish.osx.vpnhelper receives the VPNHelperConnect command.

Recommendations For IPVanish version 3.0.11, consider disabling the com.ipvanish.osx.vpnhelper LaunchDaemon as a temporary workaround to prevent exploitation until a patch is available. Restrict access to the XPC service to minimize the risk of malicious XPC messages being sent to it. Avoid using the OpenVPNPath variable in the affected XPC message until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.