Main Vulnerability Database SB2019032132

SB2019032132 - Input validation error in MacPaw CleanMyMac X

Published: March 21, 2019 Updated: August 8, 2020

Security Bulletin ID SB2019032132

Severity

Low

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Local access

Highest impact Data manipulation

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Input validation error (CVE-ID: CVE-2019-5011)

The vulnerability allows a local authenticated user to manipulate data.

An exploitable privilege escalation vulnerability exists in the helper service CleanMyMac X, version 4.20, due to improper updating. The application failed to remove the vulnerable components upon upgrading to the latest version, leaving the user open to attack. A user with local access can use this vulnerability to modify the file system as root. An attacker would need local access to the machine for a successful exploit.

Remediation

Install update from vendor's website.

References

https://talosintelligence.com/vulnerability_reports/TALOS-2019-0759