Google Updater for macOS is prone to a local privilege-escalation vulnerability.
A local attacker can exploit this issue to gain elevated privileges; this may aid in launching further attacks.
Information
Bugtraq ID: 103468
Class: Serialization Error
CVE: CVE-2018-6084
Remote: No
Local: Yes
Published: Mar 21 2018 12:00AM
Updated: Mar 21 2018 12:00AM
Credit: ianbeer of Google Project Zero.
Vulnerable: Google Updater 2.4.2432.1652
Google Updater 2.4.1536.6592
Google Updater 0
Not Vulnerable:
Exploit
The researcher has created a proof-of-concept to demonstrate the issue. Please see the references for more information.
References:
- Google Homepage (Google)
- Google Software Updater macOS (Exploit DB)
- Google Updater FAQ (Google)