Command injection vulnerability in FortiClient for Mac OS
Summary
An Improper Neutralization of Special Elements used in a Command vulnerability in one of the FortiClient for Mac OS root processes may allow a local user of the system on which FortiClient is running to execute unauthorized code as root by bypassing a security check.
Affected Products
FortiClient for Mac OS version 6.2.1 and below.
Solutions
Please upgrade to FortiClient for Mac OS version 6.2.2 and above.
Acknowledgement
Fortinet is very pleased to thank Lasse Trolle Borup of Danish Cyber Defence for bringing this issue to our attention under responsible disclosure.