Vulnerability Details
A critical privilege escalation vulnerability has been discovered in OpenVPN Connect for macOS, affecting versions 3.5.1 through 3.8.1. The flaw resides in the application’s privileged helper component, a background service that manages VPN connections with elevated system rights. By exploiting a local IPC (Inter-Process Communication) channel, an attacker already present on the system can inject and execute arbitrary operating system commands as root without any user interaction. This issue is classified as an OS command injection vulnerability and carries a CVSS 4.0 base score of 9.4, indicating critical severity. The flaw was responsibly disclosed by security researchers Ismael Esquilichi, Pablo Redondo, and Lê Đức Ninh. As of now, no public proof-of-concept exploits or confirmed cases of active exploitation have been reported.
Impact and Mitigation
This local privilege escalation vulnerability poses a significant risk in shared or multi-user macOS environments, as it could enable lateral movement by an attacker who has already gained a foothold on the system. Organizations using OpenVPN Connect on macOS should immediately update to a release later than 3.8.1 to remediate the flaw. Additional recommended steps include restricting local access to affected systems, monitoring for unusual IPC communication with OpenVPN background processes, and auditing endpoint access controls. Alongside this critical fix, the latest release also resolves two other bugs: browser authentication failures and a crash on importing a blank profile that could cause the app to become unresponsive.
Source: Cyber Security News

