CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:N/I:C/A:C
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
EPSS
Percentile
5.1%
An exploitable privilege escalation vulnerability exists in the helper service CleanMyMac X, version 4.20, due to improper updating. The application failed to remove the vulnerable components upon upgrading to the latest version, leaving the user open to attack. A user with local access can use this vulnerability to modify the file system as root. An attacker would need local access to the machine for a successful exploit.
Clean My Mac X 4.20
<https://macpaw.com/cleanmymac>
7.1 - CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N
CWE-459: Incomplete Cleanup
CleanMyMac X is an all-in-one Mac cleaning tool. The application is able to scan through system and user directories looking for unused and leftover files and applications. The application also markets the ability to help detect and prevent viruses and malware on OS X. To get all of this work done, they utilize a privilege helper tool running as root. This allows the application to remove and modify system files.
The vulnerability references TALOS-2018-0705 to TALOS-2018-0710 and TALOS-2018-0714 to TALOS-2018-0721. Upon installing the provided update, the vulnerable code is still left intact and listening on the system. This means that, although the application no longer uses the vulnerable code, it is still available for an attacker to take advantage of.
Included with this advisory is an Xcode project, as well as a Python script. The Python script needs an administratorβs password to set up some root files on the system to demonstrate the vulnerabilities. The Xcode project contains the proof of concept.
2019-01-15 - Vendor Disclosure
2019-03-11 - Public Release
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:N/I:C/A:C
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
EPSS
Percentile
5.1%