Posted by Mark Wadham on Apr 12
With CVE-2017-7643 I disclosed a command injection vulnerablity in the
binary that ships with Proxifier <= 2.18.
Unfortunately 2.19 is also vulnerable to a slightly different attack
yields the same result.
When Proxifier is first run, if the KLoader binary is not suid root it
executed as root by Proxifier.app (the user is prompted to enter an
password). The KLoader binary will then make itself suid root so that…