- Security researchers found a critical flaw in the IPVanish Mac VPN app
- The flaw could allow attackers to gain full control of a user’s system
- IPVanish says it is “working on a fix” and maintains that only OpenVPN is affected
A “critical privilege escalation vulnerability” has been discovered in the IPVanish VPN application for macOS, potentially allowing malicious actors to gain full control of a user’s system.
Discovered by cybersecurity researchers at SecureLayer7, the flaw exploits the VPN’s “privileged utility,” a background component used to manage secure network connections. The researchers found that this tool makes only a very limited effort to verify who is asking to run commands. As a result, “the flaw allows any unprivileged local process to execute arbitrary code as root without user interaction,” experts warn.
While IPVanish is a household name, often compared to the best VPN services, the vulnerability has been assigned a severity score of 8.8 (High) and listed as “pending”.
In a statement to TechRadar, a spokesperson for IPVanish said the team is aware of the OpenVPN vulnerability in the Mac VPN app and is “working on a fix” that will be released as soon as possible.
“All macOS users will receive an automatic prompt to update to the latest version,” IPVanish said, adding that customers who have never used OpenVPN are not affected.
“WireGuard is the default protocol for new installations, meaning users who have only used the default configuration will not be affected,” IPVanish added.
What is the IPVanish Mac vulnerability all about?
The vulnerability centers on how the IPVanish app communicates with its background “helper” tool for the OpenVPN protocol (the OpenVPNPath parameter). In macOS, these utilities act as system administrators with top-level rights to change important settings.
According to the SecureLayer7 report, the problem is that this utility acts as a security guard that never checks IDs. It listens for instructions, but makes very limited effort to confirm who or what is sending them.
In practice, this leaves the door wide open. Any app or program running on your Mac can send commands to this powerful helper. Because the tool does not perform all the necessary checks to confirm that the request is coming from a secure or trusted source, malicious software can easily use it to gain total control of the computer.
Researchers identified two main ways hackers can abuse this, both of which result “in the attacker’s script running as root,” experts warn.
First, an attacker can simply abuse the OpenVPNPath parameter so that the helper launches a malicious program instead of the normal VPN software.
The second method is even more troubling because it bypasses Apple’s strict, built-in security guards. Usually, your Mac stops unapproved or dangerous software from running. However, IPVanish’s handling of OpenVPNPath appears to have a major logical flaw: it only checks a file’s security signature if the file is already marked as runnable (an “executable”).
Hackers can easily get around this by hiding their malicious code inside a harmless, non-executable file. The IPVanish helper sees the harmless label, assumes it’s safe, and skips the security check. Then, in a major blunder, the utility moves the file to a safe area and actually changes the settings of the file itself, turning it into an executable program and doing the hacker’s work for them.
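The validation-order flaw described above, modelled as an added example (not code from IPVanish or SecureLayer7). A SHA-256 allowlist stands in for macOS code-signature validation, and all function names, file names and file contents are hypothetical and constructed.

```python
import hashlib
import os
import shutil
import tempfile

def digest(data):
    return hashlib.sha256(data).hexdigest()

def install_flawed(src, dest_dir, trusted):
    """Model of the reported logic: verify only files already marked executable."""
    is_exec = bool(os.stat(src).st_mode & 0o111)
    if is_exec:
        with open(src, "rb") as fh:
            if digest(fh.read()) not in trusted:
                return None
    dest = os.path.join(dest_dir, os.path.basename(src))
    shutil.copyfile(src, dest)
    os.chmod(dest, 0o755)  # the helper itself adds the executable bit
    return dest

def install_hardened(src, dest_dir, trusted):
    """Verify unconditionally, and install exactly the bytes that were verified."""
    with open(src, "rb") as fh:
        data = fh.read()  # read once so the check and the copy see the same bytes
    if digest(data) not in trusted:
        return None
    dest = os.path.join(dest_dir, os.path.basename(src))
    fd = os.open(dest, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o755)
    with os.fdopen(fd, "wb") as out:
        out.write(data)
    return dest

def demo():
    """Run both installers over constructed sample files; report what each accepted."""
    good, bad = b"constructed trusted binary", b"constructed untrusted content"
    trusted = {digest(good)}  # stand-in for "has a valid signature"
    samples = (("good", good, 0o755), ("bad", bad, 0o644), ("bad_x", bad, 0o755))
    with tempfile.TemporaryDirectory() as tmp:
        paths = {}
        for name, data, mode in samples:
            paths[name] = os.path.join(tmp, name)
            with open(paths[name], "wb") as fh:
                fh.write(data)
            os.chmod(paths[name], mode)
        out = {}
        for label, fn in (("flawed", install_flawed), ("hardened", install_hardened)):
            dest_dir = os.path.join(tmp, label)
            os.mkdir(dest_dir)
            out[label] = {n: fn(p, dest_dir, trusted) is not None for n, p in paths.items()}
        return out
```

The flawed installer rejects the untrusted file only when it already carries the executable bit; the hardened one rejects it in both cases because the check no longer depends on file mode.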
Stay safe
It is important to emphasize that this is a Local Privilege Escalation (LPE) vulnerability. This means that a hacker cannot exploit this flaw remotely over the Internet simply by knowing your IP address. The attack “requires only local access to the system where IPVanish VPN is installed,” meaning an attacker must already have a foothold on your machine via malware or physical access.
SecureLayer7 states that fixing this will require significant changes to the app’s architecture. “The most critical immediate remedy is implementing call authentication in the XPC event handler,” the firm advises.
For its part, IPVanish maintains that only macOS users connecting with the OpenVPN protocol are affected by this vulnerability.
However, until IPVanish releases a patch, users should remain vigilant.
“If a customer has been using OpenVPN, open the macOS Desktop software, click Settings, Protocol and select OpenVPN. You will see a section called ‘OpenVPN driver’; please click on the ‘Uninstall’ button below it. This will address the vulnerability before the upcoming release,” IPVanish explains.



