ASA-2018-00043 – SwitchVPN: Excessive permissions for application configuration allow privilege escalation

After installation or an update, the script "" is run by the application. This script changes the owner of the main application binaries to root and sets them to world-writable. Additionally, the SUID bit is set for another sensitive binary in the application folder. This configuration makes it very easy to escalate privileges to root.

The script /Applications/SwitchVPN/ is world-writable after installation or an update and is later executed by a privileged process. Because it is world-writable, an attacker can overwrite its content and escalate privileges.
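To check an installation for the conditions described above (world-writable files and SUID binaries in the application folder), the following audit function can be run against the application directory. It is an added example, not part of the original advisory or the vendor's code; the function name and the output tags are constructed for illustration.

```shell
#!/bin/sh
# Audit an application directory for permissions that let an unprivileged
# local user change code that later runs with elevated privileges.
# Example call: audit_app_perms /Applications/SwitchVPN
# Returns 0 if clean, 1 if findings were printed, 2 on a bad argument.

audit_app_perms() {
    dir=$1
    if [ ! -d "$dir" ]; then
        echo "not a directory: $dir" >&2
        return 2
    fi

    findings=$(
        # Regular files that any local user may overwrite in place.
        find "$dir" -type f -perm -0002 -print |
            sed 's/^/WORLD_WRITABLE_FILE /'

        # World-writable directories without the sticky bit: any user can
        # delete and re-create the files inside them, whatever the files'
        # own modes are.
        find "$dir" -type d -perm -0002 ! -perm -1000 -print |
            sed 's/^/WORLD_WRITABLE_DIR /'

        # setuid or setgid files: these run with the owner's or group's
        # identity, so each one needs a reason to exist.
        find "$dir" -type f \( -perm -4000 -o -perm -2000 \) -print |
            sed 's/^/SETID_FILE /'
    )

    if [ -z "$findings" ]; then
        return 0
    fi
    printf '%s\n' "$findings"
    return 1
}

# Run directly when a directory is passed on the command line.
if [ "$#" -gt 0 ]; then
    audit_app_perms "$1"
fi
```

A file reported under both WORLD_WRITABLE_FILE and SETID_FILE, or a WORLD_WRITABLE_FILE that a root process executes, is the combination the advisory describes.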