Unprotected XPC Service in PureVPN 6.0.1 on macOS Allows Root-Level Command Execution

Unprotected XPC Service in PureVPN 6.0.1 on macOS Allows Root-Level Command Execution

CVE-2018-6822 · HIGH Severity

AV:N/AC:L/AU:N/C:C/I:C/A:C

In PureVPN 6.0.1 on macOS, HelperTool LaunchDaemon implements an unprotected XPC service that can be abused to execute system commands as root.

Learn more about our Cis Benchmark Audit For Apple Macos.