Threat Watch

CleanMyMac X Software Vulnerabilities

A software ran by MacPaws named CleanMyMac X is typically used to clear space on a Mac by locating files that aren’t being used and getting rid of them. Recently multiple privilege escalations were found in version 4.04, potentially giving an unauthorized party local access on the unsuspecting party’s machine. Thirteen total vulnerabilities were discovered and there are five that stand out. The main vulnerabilities give an attacker the ability to delete files from the root system, delete main log data from the root file system, delete a package’s privileged information from the system, terminating root daemon, and uninstalling ‘launchd’ scripts as root.

ANALYST NOTES

MacPaw is attempting to mitigate these issues at this time. Until then, users should download the latest version of CleanMyMac X, version 4.2.0.