Vulnerabilities > CVE-2019-5011 - Incomplete Cleanup vulnerability in Macpaw Cleanmymac X 4.20

047910
CVSS 5.5 - MEDIUM
Attack vector
LOCAL
Attack complexity
LOW
Privileges required
LOW
Confidentiality impact
NONE
Integrity impact
HIGH
Availability impact
NONE
local
low complexity
macpaw
CWE-459

Summary

An exploitable privilege escalation vulnerability exists in the helper service CleanMyMac X, version 4.20, due to improper updating. The application failed to remove the vulnerable components upon upgrading to the latest version, leaving the user open to attack. A user with local access can use this vulnerability to modify the file system as root. An attacker would need local access to the machine for a successful exploit.

Vulnerable Configurations

Part Description Count
Application
Macpaw
1

Common Weakness Enumeration (CWE)

Talos

idTALOS-2019-0759
last seen2019-05-29
published2019-03-11
reporterTalos Intelligence
sourcehttp://www.talosintelligence.com/vulnerability_reports/TALOS-2019-0759
titleCleanMyMac X incomplete update patch privilege escalation vulnerability