CVE-2018-4045
Description
An exploitable privilege escalation vulnerability exists in the helper service of Clean My Mac X, version 4.04, due to improper input validation. An attacker with local access could exploit this vulnerability to modify the file system as root.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Clean My Mac X 4.04 helper service lacks input validation, allowing local attackers to delete arbitrary files as root.
Vulnerability
The helper service of Clean My Mac X version 4.04 contains a privilege escalation vulnerability due to improper input validation in the securelyRemoveItemAtPath function of the helper protocol [1]. The function passes a user-supplied argument directly to securelyRemoveFileAtPath:error: without any validation of the calling application. Because the helper runs as root, any local process can invoke this function, enabling arbitrary file deletion on the system [1].
Exploitation
An attacker with local access—no authentication or user interaction required—can call the exposed helper function with any path argument [1]. The attacker only needs to craft an application or script that sends the securelyRemoveItemAtPath message to the helper service; no administrator password is needed to trigger the vulnerability itself (although the provided proof-of-concept uses an admin password to set up test root files) [1].
Impact
Successful exploitation allows a non-root user to delete any file on the filesystem as root, resulting in high integrity impact. The helper’s root privilege context means the attacker can remove system files, configuration files, or user data, potentially rendering the system unstable or unusable [1]. Confidentiality and availability are not directly affected per the CVSS vector [1].
Mitigation
MacPaw patched this vulnerability on 2018-12-27, per the disclosure timeline [1]. Users should update to Clean My Mac X version 4.05 or later. No other workarounds are documented if an update is not applied [1].
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
1- Range: = 4.04
Patches
0No patches discovered yet.
Vulnerability mechanics
Root cause
"Missing input validation in the helper service's securelyRemoveItemAtPath function allows any local application to delete arbitrary files as root."
Attack vector
An attacker with local access can call the `securelyRemoveItemAtPath` function exposed by the privileged helper tool. Because the helper runs as root and performs no validation of the calling application or the supplied path, any local process can invoke it to delete arbitrary files from the root file system [ref_id=1]. This crosses a privilege boundary, allowing a non-root user to delete system files as root [CWE-19] [ref_id=1].
Affected code
The vulnerable function is `securelyRemoveItemAtPath` in the helper service's protocol. The advisory shows the function passes a user-supplied argument directly into `securelyRemoveFileAtPath` via `NSFileManager` with no validation [ref_id=1].
What the fix does
The advisory states the vendor patched the vulnerability on 2018-12-27, but the patch diff is not included in the bundle [ref_id=1]. The remediation would require adding validation of the calling application (e.g., checking the caller's authorization or code signing identity) and sanitizing the path argument before passing it to the privileged file deletion function, so that only trusted callers can delete files and only within allowed paths [ref_id=1].
Preconditions
- networkAttacker must have local access to the macOS system
- configThe Clean My Mac X helper service must be installed and running
- authNo authentication required — the helper service does not validate the calling application
Generated on May 25, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
1- www.talosintelligence.com/vulnerability_reports/TALOS-2018-0719mitrex_refsource_MISC
News mentions
0No linked articles in our index yet.