Home / Technology / Mac VPN Flaw Gives Hackers Root Access
Mac VPN Flaw Gives Hackers Root Access
5 Mar
Summary
- A critical vulnerability allows arbitrary code execution as root.
- The flaw impacts IPVanish Mac app users utilizing OpenVPN.
- A fix is in progress, with updates rolling out soon.
A critical vulnerability, rated 8.8 (High), has been identified in the IPVanish VPN application for macOS. This flaw enables malicious actors to gain complete control over a user's system by executing arbitrary code with root privileges. Cybersecurity researchers at SecureLayer7 discovered that the app's privileged helper tool for the OpenVPN protocol fails to adequately verify command origins.
IPVanish has acknowledged the vulnerability and stated they are actively working on a fix. The company confirmed that only users employing the OpenVPN protocol on their Mac are impacted. Users who primarily utilize WireGuard, the default protocol for new installations, are not affected by this specific issue.
As a temporary measure until a patch is released, IPVanish advises affected users to uninstall the OpenVPN driver through the app's settings. The company plans to release an update that will automatically prompt all macOS users to install the latest version, thereby resolving the security concern.
