------------------------------------------------------------------------ Multiple local privilege escalation vulnerabilities in HideMyAss Pro VPN client v2.x for OS X ------------------------------------------------------------------------ Han Sahin, April 2017 ------------------------------------------------------------------------ Abstract ------------------------------------------------------------------------ Multiple local privilege escalation vulnerabilities were found in the helper binary HMAHelper that ships with HideMyAss Pro VPN for OS X. The helper is installed setuid root and responsible for loading Kernel Extensions (kext) and managing VPN firewall rules. These issues can be leveraged by a local attacker to gain elevated (root) privileges. ------------------------------------------------------------------------ Tested versions ------------------------------------------------------------------------ This issue was tested on HMA Pro VPN version 2.2.7.0 for OS X ------------------------------------------------------------------------ Fix ------------------------------------------------------------------------ HMA Support has reported that this issue will not be fixed. Version 2.2.7.0. is still available for download and was earlier this year also available in the Mac App Store. It seems that this version is still available for older versions of OS X (OS X 10.7 - 10.11). It should be noted the latest version of HMA Pro VPN for OS X (version 3.3.0.3) is vulnerable to a similar local privilege escalation issue that is also not fixed at the time of writing. ------------------------------------------------------------------------ Details ------------------------------------------------------------------------ https://www.securify.nl/advisory/SFY20170402/multiple_local_privilege_escalation_vulnerabilities_in_hidemyass_pro_vpn_client_v2_x_for_os_x.html
