Improper certificate validation and a time-of-check time-of-use (TOCTOU) race condition in the PrivilegedHelperTool XPC service in Cato Client before v.5.13.1 on macOS allows a local authenticated attacker to escalate privileges to root via a self-signed certificate that bypasses the XPC caller verification and a symlink swap during package installation.
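Added example, written for this page rather than taken from the advisory or from Cato's code: a Swift sketch of how a macOS privileged helper can close the two weaknesses the description names, CWE-295 by pinning the XPC caller to a code-signing requirement instead of a certificate string match, and CWE-367 by opening the package once, validating it through the descriptor, and installing only a private root-owned copy. The protocol name, bundle identifier `com.example.client`, team ID `ABCDE12345`, Developer ID string, staging path, and the assumption that `pkgutil --check-signature` exits non-zero on failure are placeholders or assumptions, not facts from the page.

```swift
import Foundation
import Security

enum HelperError: Error {
    case openFailed(Int32), notRegularFile, badSignature(String), toolFailed(String, Int32)
}

// Hypothetical XPC interface; the real PrivilegedHelperTool protocol is not on the page.
@objc protocol PackageInstalling {
    func install(packagePath: String, reply: @escaping (Bool, String) -> Void)
}

final class HelperListenerDelegate: NSObject, NSXPCListenerDelegate {
    // Code-signing requirement for the caller, anchored to Apple's CA and pinned to an assumed team ID
    // and bundle ID. The CWE-295 pattern this replaces is validating with a nil SecRequirement (any
    // validly signed image passes, self-signed included) and then string-matching the leaf
    // certificate's subject, which whoever minted the certificate chooses freely.
    static let callerRequirement =
        #"anchor apple generic and identifier "com.example.client" and certificate leaf[subject.OU] = "ABCDE12345""#

    // Pre-macOS 13 fallback: evaluate the requirement against the peer's code object looked up by pid.
    // Caveat: a pid lookup is itself racy (pid reuse); the audit-token path in listener() has no such gap.
    static func callerSatisfiesRequirement(_ connection: NSXPCConnection) -> Bool {
        var req: SecRequirement?; var code: SecCode?
        let attrs = [kSecGuestAttributePid as String: connection.processIdentifier] as CFDictionary
        guard SecRequirementCreateWithString(callerRequirement as CFString, [], &req) == errSecSuccess,
              SecCodeCopyGuestWithAttributes(nil, attrs, [], &code) == errSecSuccess,
              let requirement = req, let peer = code else { return false }
        return SecCodeCheckValidity(peer, [], requirement) == errSecSuccess
    }

    func listener(_ listener: NSXPCListener, shouldAcceptNewConnection connection: NSXPCConnection) -> Bool {
        if #available(macOS 13.0, *) {
            // Foundation evaluates the requirement on the peer's audit token before any message is delivered.
            do { try connection.setCodeSigningRequirement(Self.callerRequirement) } catch { return false }
        } else if !Self.callerSatisfiesRequirement(connection) {
            return false
        }
        connection.exportedInterface = NSXPCInterface(with: PackageInstalling.self)
        connection.exportedObject = Installer()
        connection.resume()
        return true
    }
}

final class Installer: NSObject, PackageInstalling {
    // Root-owned, mode 0700 staging directory (assumed path); never a world-writable one such as /tmp.
    static let stagingDir = URL(fileURLWithPath: "/Library/Application Support/ExampleHelper/staging")

    func install(packagePath: String, reply: @escaping (Bool, String) -> Void) {
        do {
            let staged = try Self.stage(packagePath)
            try Self.checkSignature(staged)   // validate the private copy, never the client-controlled path
            _ = try Self.run("/usr/sbin/installer", ["-pkg", staged.path, "-target", "/"])
            reply(true, "installed \(staged.lastPathComponent)")
        } catch {
            reply(false, "\(error)")
        }
    }

    // CWE-367 pattern: stat(path), check, then installer(path) resolves the name a second time, so a
    // symlink swapped in between wins. Instead: open the name once with O_NOFOLLOW, validate the
    // descriptor, copy its bytes into the root-owned directory, and use only that copy from here on.
    static func stage(_ path: String) throws -> URL {
        let fd = open(path, O_RDONLY | O_NOFOLLOW | O_CLOEXEC)
        guard fd >= 0 else { throw HelperError.openFailed(errno) }
        defer { close(fd) }
        var st = stat()
        guard fstat(fd, &st) == 0, (st.st_mode & S_IFMT) == S_IFREG else { throw HelperError.notRegularFile }
        try FileManager.default.createDirectory(at: stagingDir, withIntermediateDirectories: true,
                                                attributes: [.posixPermissions: 0o700, .ownerAccountID: 0])
        let dest = stagingDir.appendingPathComponent("\(UUID().uuidString).pkg")
        let bytes = FileHandle(fileDescriptor: fd, closeOnDealloc: false).readDataToEndOfFile()
        try bytes.write(to: dest, options: .withoutOverwriting)   // refuses to replace a pre-placed entry
        return dest
    }

    // Assumption: pkgutil exits non-zero when the signature check fails; the Developer ID string
    // stands in for the vendor's real installer certificate.
    static func checkSignature(_ pkg: URL) throws {
        let report = try run("/usr/sbin/pkgutil", ["--check-signature", pkg.path])
        guard report.contains("Developer ID Installer: Example Corp (ABCDE12345)") else {
            throw HelperError.badSignature(report)
        }
    }

    static func run(_ tool: String, _ args: [String]) throws -> String {
        let p = Process()
        p.executableURL = URL(fileURLWithPath: tool)
        p.arguments = args
        let pipe = Pipe(); p.standardOutput = pipe
        try p.run()
        let output = pipe.fileHandleForReading.readDataToEndOfFile()
        p.waitUntilExit()
        guard p.terminationStatus == 0 else { throw HelperError.toolFailed(tool, p.terminationStatus) }
        return String(decoding: output, as: UTF8.self)
    }
}
```

To use it, make this the helper's main target, create an `NSXPCListener(machServiceName:)` with `HelperListenerDelegate` as its delegate, call `resume()`, and run the main run loop. Derive the requirement string from the shipping client's designated requirement (`codesign -dr - Client.app`) rather than writing it by hand, and keep the staging directory's parents root-owned, since the copy-then-validate step only helps if no unprivileged user can write anywhere on that path.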
Advisories
No advisories yet.
Fixes
Solution
No solution given by the vendor.
Workaround
No workaround given by the vendor.
References
History
Wed, 01 Jul 2026 15:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics | | ssvc |
Wed, 01 Jul 2026 14:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | | Improper certificate validation and a time-of-check time-of-use (TOCTOU) race condition in the PrivilegedHelperTool XPC service in Cato Client before v.5.13.1 on macOS allows a local authenticated attacker to escalate privileges to root via a self-signed certificate that bypasses the XPC caller verification and a symlink swap during package installation. |
| Title | | Improper XPC caller certificate validation and TOCTOU race condition in macOS PrivilegedHelperTool |
| Weaknesses | | CWE-295, CWE-367 |
| References | | |
| Metrics | | cvssV4_0 |
Status: PUBLISHED
Assigner: Cato
Published:
Updated: 2026-07-01T15:07:24.153Z
Reserved: 2026-06-16T07:28:42.180Z
Link: CVE-2026-12374
Updated: 2026-07-01T15:07:21.240Z
OpenCVE Enrichment
Updated: 2026-07-01T18:30:15Z