| Kura | iHongRen pptp-vpn v1.0.1 Local Privilege escalation to root via XPC |
|---|
| Gaskiya | The `com.cxy.PPTPVPN.HelpTool` privileged helper (macOS) accepts any incoming NSXPCConnection without verifying the client identity. The helper exports an interface that allows callers to run arbitrary shell commands using `NSTask`, `system()` and `NSAppleScript`. A local attacker who can connect to the helper’s Mach service (`com.cxy.PPTPVPN.HelpTool`) can execute commands with the helper’s privileges (root). This enables local privilege escalation and arbitrary code execution as the helper user. |
|---|
| Manga | ⚠️ https://github.com/SwayZGl1tZyyy/n-days/blob/main/pptp-vpn/README.md |
|---|
| Màdùmga | SwayZGl1tZyyy (UID 88771) |
|---|
| Furta | 09/16/2025 04:08 (5 Wurɗi 전) |
|---|
| Gargajiya | 09/28/2025 08:13 (12 days later) |
|---|
| Halitta | Shingilam |
|---|
| VulDB gite | 326210 [iHongRen pptp-vpn 1.0/1.0.1 ka macOS XPC Service HelpTool/HelperTool.m shouldAcceptNewConnection karkar ndiyamga taƙa] |
|---|
| Nganji | 20 |
|---|