Shimo VPN service contains six unpatched vulnerabilities, Talos discovers

A series of vulnerabilities in the Helper Tool of virtual private network service Shimo, a popular app used to connect to multiple VPNs on Mac operating systems, would make it possible for hackers to obtain root control, according to research published Monday by Cisco’s Talos research team. Researchers detailed six vulnerabilities in the Shimo VPN Helper Tool, which the app relies on to carry out its privileged work, according to a blog post.

Details of the vulnerabilities were released after Cisco made “repeated attempts” to communicate with Shimo over 90 days to no avail, Talos said. Shimo did not immediately respond to a request for comment from CyberScoop.

One vulnerability, listed as CVE-2018-4004, is a privilege escalation vulnerability that resides in the Shimo VPN helper’s disconnectService function, and would allow a “non-root user to kill privileged processes on the system.” Another, CVE-2018-4007, resides in the deleteConfig functionality and “could allow an attacker to delete any […]

The post Shimo VPN service contains six unpatched vulnerabilities, Talos discovers appeared first on CyberScoop.
