hide.me before 2.4.4 on macOS suffers from a privilege escalation vulnerability in the connectWithExecutablePath:configFilePath:configFileName method of the me_hide_vpnhelper.Helper class in the me.hide.vpnhelper macOS privilege helper tool. This method takes user-supplied input and can be used to escalate privileges, as well as obtain the ability to run any application on the system in the root context.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-306,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| hide | hide.me | * |