![]() ![]() An attacker could exploit this vulnerability to cross a privilege boundary and delete files from the root file system.įor more information on this vulnerability, read our complete advisory here. Therefore, any application is able to access this function and run it as root. When executing this function, there is no validation of the calling application. This particular bug arises in the `truncateFileAtPath` function of the helper protocol. CleanMyMac X truncateFileAtPath privilege escalation vulnerability (TALOS-2018-0708/CVE-2018-4035)Ī privilege escalation vulnerability exists in the way that the CleanMyMac X software improperly validates inputs. ![]() This particular bug arises in the `removeItemAtPath` function of the helper protocol. CleanMyMac X removeItemAtPath privilege escalation vulnerability (TALOS-2018-0707/CVE-2018-4034)Ī privilege escalation vulnerability exists in the way that the CleanMyMac X software improperly validates inputs. If an attacker enters `nil` into the function’s fourth argument, any other application could access that function as root, allowing them to delete files from the root file system.įor more information on this vulnerability, read our complete advisory here. This particular bug arises in the `moveToTrashItemAtPath` function of the helper protocol. CleanMyMac X moveToTrashItemAtPath privilege escalation vulnerability (TALOS-2018-0706/CVE-2018-4033)Ī privilege escalation vulnerability exists in the way that the CleanMyMac X software improperly validates inputs. Therefore, non-root users could delete files from the root file system.įor more information on this vulnerability, read our complete advisory here. If the attacker supplies `nil` in the to_path argument, the file is deleted, and any application can access this function and run it as root. ![]() This particular bug arises in the in the `moveItemAtPath` function of the helper protocol. Vulnerability details CleanMyMac X moveItemAtPath privilege escalation vulnerability (TALOS-2018-0705/CVE-2018-4032)Ī privilege escalation vulnerability exists in the way that the CleanMyMac X software improperly validates inputs. In accordance with our coordinated disclosure policy, Cisco Talos worked with MacPaw to ensure that these issues are resolved and that an update is available for affected customers. In all of these bugs, an attacker with local access to the victim machine could modify the file system as root. ![]() CleanMyMac X is a cleanup application for Mac operating systems that allows users to free up extra space on their machines by scanning for unused or unnecessary files and deleting them. Today, Cisco Talos is disclosing several vulnerabilities in MacPaw’s CleanMyMac X software. Tyler Bohan of Cisco Talos discovered these vulnerabilities. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |