Primary

Context

Viscosity OpenVPN TCC Bypass Vulnerability on macOS

Vulnerability

Patched

A vulnerability exists in Viscosity OpenVPN on macOS that allows a Launch Agent to load a dynamic library with Viscosity's TCC (Transparency, Consent, and Control) identity. This could be exploited to access certain resources, limited to user-granted permissions for file resources. Access to other resources, such as the camera or microphone, requires user interaction with a system prompt. The vulnerability has been fixed in Viscosity version 1.11.5.

Impact

Exploitation of this vulnerability could lead to unauthorized access to file resources, bypassing macOS's TCC controls.

Remediation

Users can upgrade to Viscosity version 1.11.5 to address this vulnerability.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

2.4

impact

0.8

exploitability

2.9

remediation

7.7

relevance

0.1

threat

0.0

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

2.4

impact

0.8

exploitability

2.9

remediation

7.7

relevance

0.1

threat

0.0

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Viscosity OpenVPN TCC Bypass Vulnerability on macOS

Vulnerability

Impact

Remediation

Affected Products

Sparklabs Viscosity

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating