13 Privilege Escalation Bugs For CleanMyMac X Discovered, Updated Fix in Version 4.2.0 Released

13 Privilege Escalation Bugs For CleanMyMac X Discovered, Updated Fix in Version 4.2.0 Released

In the Windows platform, the use of system cleaning tools such as CCleaner has been a regular part used for Windows computer housekeeping. Same housekeeping is required with a Mac, hence programs similar to CCleaner are developed, unfortunately just like any other program they are not perfect. Flaws in tools used for system maintenance come and go, just like what happened with a popular MacOS cleaning tool, CleanMyMac X.

CleanMyMac X is to MacOS what CCleaner is to Windows, a cleaning program that deletes junk files that are no longer needed by the operating system and the programs installed. According to Talos Intelligence, Cisco’s cybersecurity arm, CleanMyMac X mac ads cleaner removal app was discovered having 13 vulnerabilities with CVEs listed below:

CVE-2018-4032

Described as a privilege escalation bug, connected with ‘nil’ in the to_path argument file deletion. This makes apps that uses the moveItemAtPath function to gain root access to the system. As per Talos, it is a “An exploitable privilege escalation vulnerability exists in the way the CleanMyMac X software improperly validates inputs. An attacker with local access could use this vulnerability to modify the file system as root. An attacker would need local access to the machine for a successful exploit.”

CVE-2018-4033

A privilege escalation bug due to CleanMy X mistakenly validates invalid inputs. Described by Talos as: “(The) software contains an exploitable privilege escalation vulnerability due to improper input validation. An attacker with local access could use this vulnerability to modify the file system as root.”

CVE-2018-4034

Validation of a wrong input causes privilege escalation, enabling an application to gain root access to the system. Closely resembles CVE-2018-4033 when it comes to exploitation possibilities.

CVE-2018-4035

Privilege escalation bug using the ‘TruncateFileAtPath function to gain root access in the system. Through the exploitation of the bug, the attacker can also issue unauthorized deletion files in the hard disk.

CVE-2018-4036

Privilege escalation bug, taking advantage of ‘removeKextAtPath” function, enabling the attacker to run as root. This also enables the attacker a capability to delete files from the system.

CVE-2018-4037

Taking advantage of the ‘remoteDiagnosticLogs’ function to manipulate previously inaccessible object-c strings ‘erase’ and ‘all’. With it, the unauthorized user gains root privileges.

CVE-2018-4041

Uses the ‘enableLaunchdAgentAtPath function in order run an arbitrary application with root privileges. The unauthorized user can also delete system logs from the system as well.

CVE-2018-4042

Privilege escalation vulnerability taking advantage of ‘removeLaunchdAgentAtPath’ function in order to call any application without validation. Hence apps run through it gains root access.

CVE-2018-4043

Privilege escalation vulnerability taking advantage of ‘removeASL’ function in order to call any application without validation. Hence apps run through it gains root access.

CVE-2018-4044

Privilege escalation vulnerability taking advantage of ‘removePackageWithID’ function in order to call any application without validation. Hence apps run through it gains root access.

CVE-2018-4045

Privilege escalation vulnerability taking advantage of ‘securelyRemoveItemAtPath’’ function in order to call any application without validation. Hence apps run through it gains root access.

CVE-2018-4046

Privilege escalation vulnerability taking advantage of ‘pleaseTerminate’ function in order to call any application without validation. Hence apps run through it gains root access.

CVE-2018-4047

Privilege escalation vulnerability taking advantage of ‘disableLaunchdAgentAtPath’ function in order to call any application without validation. Hence apps run through it gains root access.

MacPaw, the developer of CleanMyMac X has issued an emergency update in the form of version 4.2.0. Everyone using CleanMyMac X are urged to install the emergency update in order to prevent the possibility of being victimized by the 13 privilege escalation bugs.

Kevin Jones940 Posts

Kevin Jones, Ph.D., is a research associate and a Cyber Security Author with experience in Penetration Testing, Vulnerability Assessments, Monitoring solutions, Surveillance and Offensive technologies etc. Currently, he is a freelance writer on latest security news and other happenings. He has authored numerous articles and exploits which can be found on popular sites like hackercombat.com and others.

0 Comments

Leave a Comment

Login

Welcome! Login in to your account

Remember me Lost your password?

Don't have account. Register

Lost Password
Register