A Dozen Flaws in Popular Mac Clean-Up Software Allow Local Root Access

January 4, 2019


All of the vulnerabilities arise from improper input validations.

A passel of privilege-escalation vulnerabilities in MacPaw’s CleanMyMac X software would allow a local attacker to gain root access to an Apple machine in various ways.

CleanMyMac X is a cleanup application for MacOS that optimizes the drives and frees up space by scanning for unused, redundant or unnecessary files and deleting them. No fewer than a dozen flaws plague 4.0 earlier versions of the software, all of them in the package’s “helper protocol.”

Read More on Threat Post