Input validation error in CleanMyMac X - CVE-2019-5011
Published: March 21, 2019 / Updated: August 8, 2020
Vulnerability identifier: #VU36052
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2019-5011
CWE-ID: CWE-20
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vendor: MacPaw
Affected software:
CleanMyMac X
CleanMyMac X
Detailed vulnerability description
The vulnerability allows a local authenticated user to manipulate data.
An exploitable privilege escalation vulnerability exists in the helper service CleanMyMac X, version 4.20, due to improper updating. The application failed to remove the vulnerable components upon upgrading to the latest version, leaving the user open to attack. A user with local access can use this vulnerability to modify the file system as root. An attacker would need local access to the machine for a successful exploit.
How to mitigate CVE-2019-5011
Install update from vendor's website.