Synopsis:
Elevation of Privilege in Privilege Management for Mac (PMfM) Installer
Impacted Product:
Privilege Management for Mac (PMfM)
Summary:
A medium severity vulnerability was discovered and verified in BeyondTrust’s Privilege Management for Mac (PMfM) that could allow an attacker to elevate their privileges. Two files in the PMfM installer had incorrect file permissions applied which could enable a user elevated privileges on their machine.
Mitigation:
The permissions of these files in Privilege Management for Mac installer have been reconfigured to provide the correct level of privileges. This has also been fixed with a macOS security patch.
This change was implemented in PMfM version 5.7. BeyondTrust recommend customers update to the latest version of PMfM as soon as possible.
Product | Version |
---|---|
Privilege Management for Mac (PMfM) | Prior to 5.7 |
Product | Version |
---|---|
Privilege Management for Mac (PMfM) | 5.7 and above |
BeyondTrust would like to acknowledge Lockheed Martin Red team for reporting this issue.