Several privilege escalation vulnerabilities were found in MacPaw’s CleanMyMac X software, all of which will allow an attacker with local access to the victim’s machine to modify the file system as root.
Cisco Talos researchers spotted 13 CVE vulnerabilities in the Mac cleanup application designed to free up extra space on a user’s machine by scanning for and deleting unused and unnecessary files, according to a Jan. 2 blog post.
One of the vulnerabilities is a privilege escalation flaw that arises from improper input validation in the `moveItemAtPath` function of the CleanMyMac X helper protocol. The bug will ultimately allow non-root users to delete files from the root file system.
Similar privilege escalation vulnerabilities exist in the `moveToTrashItemAtPath`, `removeItemAtPath`, `truncateFileAtPath`, `removeKextAtPath`, and `removeDiagnosticsLogs` functions.
An exploitable privilege escalation vulnerability also exists in the helper service of the software in the `enableLaunchdAgentAtPath` function of the helper protocol stemming from the lack of validation for the calling application. This vulnerability allows a non-root user to delete the main log data from the system.
Researchers disclosed the vulnerabilities to MacPaw and worked with the firm to ensure the issues were resolved and that updates were made available to those who were affected. To remediate, it's recommended that users update to the latest version of CleanMyMac X, version 4.2.0.
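The two missing checks described above (validating the calling application and validating the path argument), sketched for a privileged XPC helper. This is an added example, not MacPaw's code or its fix: the protocol signature, bundle identifier, team ID, Mach service name and allowed directory are hypothetical placeholders, and it assumes macOS 13 or later for `setCodeSigningRequirement:`.

```objective-c
#import <Foundation/Foundation.h>
// Hypothetical helper protocol; only the method name comes from the article.
@protocol HelperProtocol
- (void)removeItemAtPath:(NSString *)path withReply:(void (^)(NSError * _Nullable))reply;
@end

// Constructed placeholders: the client's signing identity and the one directory the helper may touch.
static NSString * const kClientRequirement =
    @"anchor apple generic and identifier \"com.example.app\" "
    @"and certificate leaf[subject.OU] = \"EXAMPLETEAM\"";
static NSString * const kAllowedRoot = @"/Library/Caches/com.example.app/";

@interface Helper : NSObject <NSXPCListenerDelegate, HelperProtocol>
@end
@implementation Helper
// Check 1: validate the calling application before exporting any method.
- (BOOL)listener:(NSXPCListener *)l shouldAcceptNewConnection:(NSXPCConnection *)conn {
    if (@available(macOS 13.0, *)) {
        [conn setCodeSigningRequirement:kClientRequirement]; // connection is invalidated if the peer does not match
    } else {
        return NO; // fail closed where the check is unavailable
    }
    conn.exportedInterface = [NSXPCInterface interfaceWithProtocol:@protocol(HelperProtocol)];
    conn.exportedObject = self;
    [conn resume];
    return YES;
}

// Check 2: validate the input; resolve symlinks and "..", then confine the path.
- (void)removeItemAtPath:(NSString *)path withReply:(void (^)(NSError * _Nullable))reply {
    NSString *real = [path stringByResolvingSymlinksInPath];
    if (![real hasPrefix:kAllowedRoot]) { // relative and out-of-tree paths are refused
        reply([NSError errorWithDomain:NSPOSIXErrorDomain code:EPERM userInfo:nil]);
        return;
    }
    NSError *err = nil;
    [[NSFileManager defaultManager] removeItemAtPath:real error:&err];
    reply(err);
}
@end

int main(void) {
    @autoreleasepool {
        Helper *helper = [Helper new]; // kept alive here; the listener's delegate is weak
        NSXPCListener *listener = [[NSXPCListener alloc] initWithMachServiceName:@"com.example.helper"];
        listener.delegate = helper;
        [listener resume];
        [[NSRunLoop currentRunLoop] run];
    }
}
```

The path check is still subject to a race between resolution and removal if the allowed directory is writable by unprivileged users, so that directory should be owned by root.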