PT-2018-18015 · Privatevpn+1
Benjamin Watson +1 · Published 2018-02-21 · Updated 2024-08-05 · CVE-2018-7311
CVSS v2.0: 9.0 High
Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
PrivateVPN version 2.0.31 for macOS
Description
The software installs a privileged helper tool that is registered as a LaunchDaemon, runs as the root user, and implements an XPC service. This XPC service handles new VPN connection operations via the main PrivateVPN application. The privileged helper tool creates new VPN connections by executing the openvpn binary located in the /Applications/PrivateVPN.app/Contents/Resources directory. The openvpn binary can be overwritten by the default user, so an attacker who has already installed malicious software as the default user can replace it. When a new VPN connection is established, the privileged helper tool launches the replaced binary, allowing the attacker to execute code as the root user.
Recommendations
As a temporary workaround, consider disabling the execution of the openvpn binary by the privileged helper tool until a fix is available. Restrict access to the /Applications/PrivateVPN.app/Contents/Resources directory to minimize the risk of exploitation. Avoid using the PrivateVPN application to establish new VPN connections until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Incorrect Permission
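
One way to verify the recommendation to restrict access to the Resources directory, as an added example that is not part of the original advisory or the vendor's code: it walks every path component from the openvpn binary up to / and reports any that a non-root user owns or that is group/other writable. The function name, its parameters and the choice to trust only uid 0 are assumptions of this example; only POSIX mode bits are checked, not ACLs.

```python
import os
import stat

# Path quoted in the advisory; the function and parameter names are this example's own.
HELPER_TARGET = "/Applications/PrivateVPN.app/Contents/Resources/openvpn"


def audit_exec_path(path, trusted_uids=(0,)):
    """Walk from `path` up to the filesystem root and return (component, reason)
    pairs for every component a user outside `trusted_uids` could modify.

    A writable parent directory is as bad as a writable binary: the file can be
    renamed away and replaced. POSIX mode bits only; ACLs are not inspected.
    """
    findings = []
    current = os.path.realpath(path)  # resolve symlinks before checking
    while True:
        try:
            st = os.stat(current)
        except OSError as exc:
            findings.append((current, f"cannot stat: {exc.strerror}"))
        else:
            if st.st_uid not in trusted_uids:
                findings.append((current, f"owned by uid {st.st_uid}"))
            if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
                findings.append(
                    (current, f"group/other writable: {stat.filemode(st.st_mode)}"))
        parent = os.path.dirname(current)
        if parent == current:  # reached "/"
            return findings
        current = parent


if __name__ == "__main__":
    # An empty result means no component is replaceable by a non-root user.
    for component, reason in audit_exec_path(HELPER_TARGET):
        print(f"{component}: {reason}")
```

Any finding on the binary itself or on a parent directory means a root process that executes this path is running a file a less privileged user can swap out.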
Weakness Enumeration
Related Identifiers
Affected Products
Privatevpn
Openvpn