X-VPN macOS Local Privilege Escalation Vulnerability Allowing Privileged File Corruption

A local privilege escalation vulnerability has been identified in X-VPN for macOS website versions 77.0 through 77.5. This vulnerability allows a local attacker to exploit a race condition and symbolic link manipulation, leading to unauthorized changes to privileged files. The issue arises in the application's Download Protection feature, which, under certain conditions, can be manipulated to redirect administrative operations to unintended files.

Impact

Exploitation of this vulnerability could result in unauthorized modifications to system-level files, potentially allowing a local attacker to escalate privileges and gain administrator-level access on the affected device.

Reproduction

To reproduce this vulnerability, a local attacker must first enable the Download Protection feature in X-VPN macOS website versions 77.0 to 77.5. Once this feature is active, the attacker can exploit the timing gap by manipulating a file that X-VPN is about to process, swapping it with a different one before the application completes its verification. Additionally, the attacker can use a symbolic link to redirect X-VPN's privileged operations to a file of their choice, bypassing normal permission restrictions.

Remediation

Users should update to X-VPN macOS website version 77.5.1 or later. The Mac App Store version is not affected.