all InfoSec news
VU#757109: Groupnotes Inc. Videostream Mac client allows for privilege escalation to root account
CERT Recently Published Vulnerability Notes kb.cert.org
Overview
Groupnotes Inc. Videostream Mac client installs a LaunchDaemon that runs with root privileges. The daemon is vulnerable to a race condition that allows for arbitrary file writes. A low privileged attacker can escalate privileges to root on affected systems.
Description
Every five hours the Videostream LaunchDaemon runs with root privileges to check for updates. During the download, it's possible to replace the update file as any user with a crafted tar archive. The LaunchDaemon process will extract the archive …
account client daemon escalation file low mac privilege privileged privilege escalation privileges race race condition root systems vulnerable