Several privilege escalation vulnerabilities were found in MacPaw’s CleanMyMac X software, all of which will allow an attacker with local access to the victim’s machine to modify the file system as root.

Cisco Talos researchers spotted 13 CVE vulnerabilities in the Mac cleanup application designed to free up extra space on a user’s machine by scanning for and deleting unused and unnecessary files, according to a Jan. 2 blog post.

One of the vulnerabilities includes a privilege escalation vulnerability in the way that CleanMyMc X software improperly validates inputs that arises in the ‘moveItemAtPath` function of the helper protocol. The bug will ultimately allow non-root users to delete files from the root file system.

Please register to continue.

Already registered? Log in.

Once you register, you'll receive:

  • News analysis

    The context and insight you need to stay abreast of the most important developments in cybersecurity. CISO and practitioner perspectives; strategy and tactics; solutions and innovation; policy and regulation.

  • Archives

    Unlimited access to nearly 20 years of SC Media industry analysis and news-you-can-use.

  • Daily Newswire

    SC Media’s essential morning briefing for cybersecurity professionals.

  • Learning Express

    One-click access to our extensive program of virtual events, with convenient calendar reminders and ability to earn CISSP credits.