ASA-2018-00043 – SwitchVPN: Excessive permissions for application configuration allow privilege escalation

After installation or an update, the application runs the script "fix_permissions.sh". This script changes the owner of the main application binaries to root and makes them world-writable. Additionally, it sets the SUID bit on another sensitive binary in the application folder. This configuration makes it very easy to escalate privileges to root. The script /Applications/SwitchVPN/SwitchVPN.app/Contents/MacOS/SwitchVPN_GUI is world-writable after installation or an update and is later executed by a privileged process. Because the file is world-writable, an attacker can overwrite its content and thereby escalate privileges.
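To check an installation for the condition described above, the following added example (not part of the original advisory or the vendor's code) walks an application bundle and reports world-writable entries and setuid/setgid files. The function names `classify` and `audit_tree` are hypothetical, and the default target is assumed to be the bundle directory taken from the path quoted in the advisory.

```python
import os
import stat
import sys


def classify(mode, uid):
    """Return the permission findings for one entry's st_mode and owner uid."""
    findings = []
    if mode & stat.S_IWOTH:
        # Any local user can replace the content (or, for a directory, its entries).
        findings.append("world-writable")
    if stat.S_ISREG(mode) and mode & stat.S_ISUID:
        findings.append("setuid-root" if uid == 0 else "setuid")
    if stat.S_ISREG(mode) and mode & stat.S_ISGID:
        findings.append("setgid")
    return findings


def audit_tree(root):
    """Walk root without following symlinks; return sorted (path, findings) pairs."""
    results = []
    for dirpath, dirnames, filenames in os.walk(root, followlinks=False):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)
            except OSError:
                continue  # entry vanished or is unreadable; skip it
            if stat.S_ISLNK(st.st_mode):
                continue  # symlink modes are not meaningful here
            findings = classify(st.st_mode, st.st_uid)
            if findings:
                results.append((path, findings))
    return sorted(results)


if __name__ == "__main__":
    # Assumed default: the bundle directory from the path quoted in the advisory.
    default = "/Applications/SwitchVPN/SwitchVPN.app"
    target = sys.argv[1] if len(sys.argv) > 1 else default
    hits = audit_tree(target)
    for path, findings in hits:
        print(f"{', '.join(findings)}: {path}")
    sys.exit(1 if hits else 0)
```

The script exits non-zero when it finds anything, so it can be run after each install or update as a regression check.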