Network security company Perimeter81 apparently needs to improve its responsible disclosure process for vulnerabilities found in its products.
Cybersecurity researcher Erhad Husovic published a blog post in late June to disclose the details of a local privilege escalation vulnerability discovered in Perimeter81’s macOS application.
The researcher said the privilege escalation exploit leverages a misconfigured XPC service along with a command injection vulnerability. Exploitation allows an attacker to execute arbitrary commands with root privileges.
Husovic said at the time that he had first reported his findings to Perimeter81 in mid-March. The vendor was then contacted four more times, but the researcher claimed he only received one response saying that the issue was ‘wrongly sidetracked’.
The security hole was then reported by the researcher to the Vulnerability Information and Coordination Environment (VINCE) at the CERT Coordination Center (CERT/CC) at Carnegie Mellon University.
CERT/CC published its own advisory for the vulnerability, which is tracked as CVE-2023-33298, after failing to get a response from the vendor.
“At the time, the latest Perimeter81 MacOS application (10.0.0.19) suffers from local privilege escalation vulnerability inside its com.perimeter81.osx.HelperTool. This HelperTool allows main application to setup things which require administrative privileges such as VPN connection, changing routing table, etc,” CERT/CC said in its advisory.
It added, “By combining insufficient checks of an XPC connection and creating a dictionary with the key ‘usingCAPath’ a command can be appended within that value to be run with administrative privileges.”
The researcher decided to disclose the vulnerability, along with a proof-of-concept (PoC) exploit, more than three months after the initial disclosure. The flaw does not appear to have been patched.
SecurityWeek reached out to Perimeter81 for comment several days before this article was published, but received no response.
The flaw does not seem critical as its exploitation requires access to the targeted system. However, it shows that even cybersecurity companies can botch the vulnerability disclosure process.
Related: SonicWall Patches Critical Vulnerabilities in GMS, Analytics Products
Related: Trend Micro Patches Another Apex One Vulnerability Exploited in Attacks
Related: Sophos Firewall Zero-Day Exploited in Attacks on South Asian Organizations
Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
More from Eduard Kovacs
- CISA Warns of Old JBoss RichFaces Vulnerability Being Exploited in Attacks
- NIST Publishes Final Version of 800-82r3 OT Security Guide
- Johnson Controls Hit by Ransomware
- Verisoul Raises $3.25 Million in Seed Funding to Detect Fake Users
- Government Shutdown Could Bench 80% of CISA Staff
- Google Rushes to Patch New Zero-Day Exploited by Spyware Vendor
- macOS 14 Sonoma Patches 60 Vulnerabilities
- New GPU Side-Channel Attack Allows Malicious Websites to Steal Data
Latest News
- Bankrupt IronNet Shuts Down Operations
- AWS Using MadPot Decoy System to Disrupt APTs, Botnets
- Generative AI Startup Nexusflow Raises $10.6 Million
- In Other News: RSA Encryption Attack, Meta AI Privacy, ShinyHunters Hacker Guilty Plea
- Researchers Extract Sounds From Still Images on Smartphone Cameras
- National Security Agency is Starting an Artificial Intelligence Security Center
- CISA Warns of Old JBoss RichFaces Vulnerability Being Exploited in Attacks
- Hackers Set Sights on Apache NiFi Flaw That Exposes Many Organizations to Attacks
