Proxifier for Mac 2.19 local root privesc

Posted by Mark Wadham on Apr 12

With CVE-2017-7643 I disclosed a command injection vulnerablity in the
KLoader
binary that ships with Proxifier <= 2.18.

Unfortunately 2.19 is also vulnerable to a slightly different attack
that
yields the same result.

When Proxifier is first run, if the KLoader binary is not suid root it
gets
executed as root by Proxifier.app (the user is prompted to enter an
admin
password). The KLoader binary will then make itself suid root so that…

Leave a Reply