CVE-2018-6823
https://nvd.nist.gov/vuln/detail/CVE-2018-6823
Mailbutler GmbH
Shimo for MacOS < 4.1.5.1
The Shimo VPN Client's com.feingeist.shimo.helper tool LaunchDaemon implements an unprotected XPC service that can be abused to execute scripts as root.
https://github.com/VerSprite/research/tree/master/exploits/VS-2018-001
Mailbutler GmbH responded stating their developer would review.
- 01-29-2018 - Contacted Shimno Support
- 01-29-2018 - Contacted Mailbutler GmbH at support@mailbutler.io
- 01-29-2018 - Received automated response from support system
- 02-02-2018 - No response Shimno Support
- 02-02-2018 - No response Mailbutler GmbH
- 02-07-2018 - Advisory released
- 02-09-2018 - Mailbutler GmbH response
Benjamin Watson of VerSprite Security (@rotlogix)