Google Updater for MacOS CVE-2018-6084 Local Privilege Escalation Vulnerability

Google Updater for MacOS is prone to a local privilege-escalation vulnerability.
A local attacker can exploit this issue to gain elevated privileges; this may aid in launching further attacks.

Information

Bugtraq ID: 103468
Class: Serialization Error
CVE: CVE-2018-6084

Remote: No
Local: Yes
Published: Mar 21 2018 12:00AM
Updated: Mar 21 2018 12:00AM
Credit: ianbeer of Google Project Zero.
Vulnerable: Google Updater 2.4.2432.1652
Google Updater 2.4.1536.6592
Google Updater 0

Not Vulnerable:

Exploit

The researcher has created a proof-of-concept to demonstrate the issue. Please see the references for more information.

References:

Google Homepage (Google)
Google Software Updater macOS (Exploit DB)
Google Updater FAQ (Google)

Source: www.securityfocus.com

Exploit Collector

Search Exploit