Race condition vulnerability in Zscaler Client Connector for macOS prior to 3.6 allows local adversary to shutdown tunnel

Race condition vulnerability in Zscaler Client Connector for macOS prior to 3.6 allows local adversary to shutdown tunnel

CVE-2021-26737 · MEDIUM Severity

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

The Zscaler Client Connector for macOS prior to 3.6 did not sufficiently validate RPC clients. A local adversary without sufficient privileges may be able to shutdown the Zscaler tunnel by exploiting a race condition.

Learn more about our Cis Benchmark Audit For Apple Macos.