CVE-2018-6823

Published February 7th, 2018

View on NVD ↗

CVSS v3

N/A

CVSS v2

HIGH

Affected

PROJECT

Description

In the VPN client in Mailbutler Shimo before 4.1.5.1 on macOS, the com.feingeist.shimo.helper tool LaunchDaemon implements an unprotected XPC service that can be abused to execute scripts as root.

VerSprite/research

VerSprite Security Research

GitHub

167