IPVanish VPN for macOS flaw could let local attackers run code as root

Security researchers have published a new report that claims a local privilege escalation weakness in IPVanish’s macOS app can let an unprivileged user run arbitrary code as root. The write-up says the bug sits in a privileged helper tool named com.ipvanish.osx.vpnhelper, which accepts XPC connections without properly authenticating the caller. This attack requires local access. […] The post IPVanish VPN for macOS flaw could let local attackers run code as root appeared first on VPN Central.