CVE-2018-8076

Vulnerability

ZenMate VPN for macOS version 1.5.4 contains a type confusion vulnerability in the com.zenmate.chron-xpc LaunchDaemon component. The LaunchDaemon implements an XPC service that uses an insecure XPC API for accessing data from an inbound XPC message. This can result in an XPC object of the wrong type being passed as the first argument to the xpc_connection_create_from_endpoint function if controlled by an attacker [1].

Exploitation

An attacker must be able to send a crafted XPC message to the vulnerable service. Due to internal checks added by Apple in recent versions of macOS and OS X, this vulnerability is limited to causing a denial of service when exploited [1]. No other exploitation vectors have been identified.

Impact

Successful exploitation results in a denial of service, potentially crashing the affected component. The vulnerability does not allow for arbitrary code execution or privilege escalation because Apple's internal checks prevent type confusion from leading to more severe outcomes [1].

Mitigation

ZenMate VPN has indicated that an update will be released to address this vulnerability [1]. Users should apply the update once available. As of the publication date (2018-03-15), no fix has been released; the vendor response timeline shows disclosure on 2018-03-01 and advisory release on 2018-03-12 [1].