In the VPN client in Mailbutler Shimo before 4.1.5.1 on macOS, the com.feingeist.shimo.helper tool LaunchDaemon implements an unprotected XPC service that can be abused to execute scripts as root.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|
| Shimo | Mailbutler | * | 4.1.5.1 (excluding) |
References