Netskope client prior to 89.x on macOS is impacted by a...
High severity
Unreviewed
Published by the National Vulnerability Database: Jan 4, 2022
Published to the GitHub Advisory Database: Jan 5, 2022
Last updated: Feb 3, 2023
Description
Netskope client prior to 89.x on macOS is impacted by a local privilege escalation vulnerability. The XPC implementation of the nsAuxiliarySvc process does not validate new connections before accepting them. As a result, any low-privileged user can connect and call the external methods defined in the XPC service as root, elevating their privileges to the highest level.
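The missing check described above, next to a hardened listener delegate, as an added example that is not Netskope's code. The Mach service name, the protocol, the bundle identifier and the team ID are hypothetical placeholders, and the hardened path assumes macOS 13 or later, where `setCodeSigningRequirement:` is available.

```objc
// Added example, not Netskope code. Service name, protocol and signing
// requirement are hypothetical placeholders.
#import <Foundation/Foundation.h>

@protocol HelperProtocol
- (void)runTask:(NSString *)name withReply:(void (^)(BOOL ok))reply;
@end
@interface Helper : NSObject <HelperProtocol> @end
@implementation Helper
- (void)runTask:(NSString *)name withReply:(void (^)(BOOL))reply {
    reply(YES); // in a real privileged helper this work runs as root
}
@end

// Pattern the advisory describes: every connection is accepted unchecked.
@interface AcceptAllDelegate : NSObject <NSXPCListenerDelegate> @end
@implementation AcceptAllDelegate
- (BOOL)listener:(NSXPCListener *)l shouldAcceptNewConnection:(NSXPCConnection *)c {
    c.exportedInterface = [NSXPCInterface interfaceWithProtocol:@protocol(HelperProtocol)];
    c.exportedObject = [Helper new];
    [c resume];
    return YES; // caller identity is never examined
}
@end

// Hardened: only peers matching a code signing requirement may send messages.
static NSString *const kClientRequirement =
    @"anchor apple generic and identifier \"com.example.client\" "
    @"and certificate leaf[subject.OU] = \"EXAMPLETEAM\"";
@interface ValidatingDelegate : NSObject <NSXPCListenerDelegate> @end
@implementation ValidatingDelegate
- (BOOL)listener:(NSXPCListener *)l shouldAcceptNewConnection:(NSXPCConnection *)c {
    if (@available(macOS 13.0, *)) {
        // The connection is invalidated if a message arrives from a peer
        // whose signature does not satisfy the requirement.
        [c setCodeSigningRequirement:kClientRequirement];
    } else { return NO; } // fail closed where the check is unavailable
    c.exportedInterface = [NSXPCInterface interfaceWithProtocol:@protocol(HelperProtocol)];
    c.exportedObject = [Helper new];
    [c resume];
    return YES;
}
@end

int main(void) { @autoreleasepool {
    NSXPCListener *listener = [[NSXPCListener alloc] initWithMachServiceName:@"com.example.helper"];
    ValidatingDelegate *delegate = [ValidatingDelegate new]; // listener holds it weakly
    listener.delegate = delegate;
    [listener resume];
    [[NSRunLoop currentRunLoop] run];
} return 0; }
```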