[CVE-2017-17809] VyprVPN for MacOS Privilege Escalation Vulnerability

CVSS Score


Golden Frog


VyprVPN for MacOS <

Vulnerability Details

The VyprVPN's vyprvpnservice launch daemon has an unprotected XPC service that allows attackers to update the underlying OpenVPN configuration and the arguments passed to OpenVPN binary when executed. An attacker can abuse this vulnerability by forcing the VyprVPN application to load a malicious dynamic library every time a new connection is made.