The Shimo VPN client for Mac systems contains six privilege escalation vulnerabilities that have yet to be patched by its developers, researchers from Cisco's Talos division reported yesterday.

Shimo is a product that allows users to connect multiple VPN accounts to a single application. Discovered by Cisco Labs researcher Tyler Bohan, all six flaws were found in Shimo VPN client version 4.1.5.1's "helper tool," which Talos says is used to accomplish certain privileged work.

In a blog post, Talos describes five of the vulnerabilities as exploitable, while noting that all six require local access to the machine. Three of them can allow attackers to elevate privileges to root. A fourth can enable a non-root user to kill privileged processes, while another lets attackers delete protected files and yet another can be exploited to execute user-supplied script arguments under root context.
