PT-2019-8746 · Kromtech · Mackeeper

Published

2019-06-05

Updated

2020-08-24

CVE-2018-10171

CVSS v2.0

Critical

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Kromtech MacKeeper version 3.20.4

Description The issue allows an unprivileged application to connect and execute shell scripts as the root user through the com.mackeeper.AdwareAnalyzer.AdwareAnalyzerPrivilegedHelper component. This component implements an XPC service, enabling the execution of shell scripts with root privileges.

Recommendations For Kromtech MacKeeper version 3.20.4, consider disabling the com.mackeeper.AdwareAnalyzer.AdwareAnalyzerPrivilegedHelper component as a temporary workaround to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Incorrect Permission

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-732

Related Identifiers

CVE-2018-10171

Affected Products

Mackeeper

PT-2019-8746 · Kromtech · Mackeeper

CVE-2018-10171

Weakness Enumeration

Related Identifiers

Affected Products

References · 4