Tyler Bohan of Cisco Talos discovered this vulnerability.

Executive summary

CleanMyMac X contains a privilege escalation vulnerability in its helper service due to improper updating. The application fails to remove the vulnerable components upon upgrading to the latest version, leaving the user open to attack. CleanMyMac X is an all-in-one cleaning tool for Macs from MacPaw. The application scans through the system and user directories looking for unused and leftover files and applications.

In accordance with our coordinated disclosure policy, Cisco Talos worked with MacPaw to ensure that these issues are resolved and that an update is available for affected customers.

Vulnerability details

CleanMyMac X incomplete update patch privilege escalation vulnerability (TALOS-2018-0759/CVE-2019-5011)

An exploitable privilege escalation vulnerability exists in the helper service CleanMyMac X, version 4.20, due to improper updating. The application fails to remove the vulnerable components upon upgrading to the latest version, leaving the user open to attack. A user with local access can use this vulnerability to modify the file system as root. An attacker would need local access to the machine for a successful exploit.

Read the complete vulnerability advisory here for additional information.

Versions tested

Talos tested and confirmed that version 4.20 of CleanMyMac X is affected by this vulnerability.

Coverage

The following SNORTⓇ rules will detect exploitation attempts. Note that additional rules may be released at a future date and current rules are subject to change pending additional vulnerability information. For the most current rule information, please refer to your Firepower Management Center or Snort.org.

Snort Rules: 48297, 48298