PSIRT Advisory

Command injection vulnerability in FortiClient for Mac OS

Summary

An Improper Neutralization of Special Elements used in a Command vulnerability in one of the root processes of FortiClient for Mac OS may allow a local user of the system on which FortiClient is running to execute unauthorized code as root by bypassing a security check.

Impact

Unauthorized code execution

Affected Products

FortiClient for Mac OS version 6.2.1 and below.

Solutions

Please upgrade to FortiClient for Mac OS version 6.2.2 and above.

Acknowledgement

Fortinet is very pleased to thank Lasse Trolle Borup of Langkjaer Cyber Defence for bringing this issue to our attention under responsible disclosure.