FortiClient (Mac) - update functionality may lead to privilege escalation vulnerability


A download of code without integrity check vulnerability [CWE-494] in FortiClientMac may allow a local attacker to escalate their privileges by modifying the installer during an upgrade.

Affected Products

FortiClientMac version 7.0.0 through 7.0.7
FortiClientMac version 6.4 all versions
FortiClientMac version 6.2 all versions
FortiClientMac version 6.0 all versions


Please upgrade to FortiClientMac version 7.0.8 or above.
Please upgrade to FortiClientMac version 7.2.0 or above.
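For fleet triage, the version ranges above can be applied to an inventory export. The script below is an added example, not Fortinet code; the function names and the "hostname version" input format are assumptions, and the sample inventory is constructed.

```shell
#!/bin/sh
# Added example: classify FortiClientMac versions against this advisory's ranges.

# classify_version VERSION -> prints affected | fixed | unlisted | invalid
classify_version() {
    v=$1
    # Accept only dotted numeric strings such as 7.0.7 or 7.0.7.0245
    case $v in
        ''|*[!0-9.]*|.*|*.|*..*) echo invalid; return 0 ;;
    esac
    major=${v%%.*}
    rest=${v#*.}
    if [ "$rest" = "$v" ]; then echo invalid; return 0; fi   # no minor part
    minor=${rest%%.*}
    rest2=${rest#*.}
    # A missing patch level ("6.4") is treated as patch 0; build suffixes are ignored
    if [ "$rest2" = "$rest" ]; then patch=0; else patch=${rest2%%.*}; fi

    if [ "$major" -eq 6 ]; then
        # 6.0, 6.2 and 6.4: all versions affected
        case $minor in 0|2|4) echo affected ;; *) echo unlisted ;; esac
    elif [ "$major" -eq 7 ] && [ "$minor" -eq 0 ]; then
        # 7.0.0 through 7.0.7 affected, 7.0.8 or above fixed
        if [ "$patch" -le 7 ]; then echo affected; else echo fixed; fi
    elif [ "$major" -gt 7 ] || { [ "$major" -eq 7 ] && [ "$minor" -ge 2 ]; }; then
        echo fixed                      # 7.2.0 or above
    else
        echo unlisted                   # branch not named in the advisory
    fi
}

# triage_inventory: reads "hostname version" lines on stdin and prints
# every host that is not on a fixed release, with the reason.
triage_inventory() {
    while read -r host version; do
        [ -n "$host" ] || continue
        status=$(classify_version "$version")
        [ "$status" = fixed ] || printf '%s %s %s\n' "$host" "$version" "$status"
    done
}

# Constructed sample inventory (not real hosts)
triage_inventory <<'EOF'
mac-lab-01 7.0.7.0245
mac-lab-02 7.0.8
mac-lab-03 6.4.10
mac-lab-04 7.2.1
mac-lab-05 unknown
EOF
```

Hosts reported as `unlisted` or `invalid` need manual review, since the advisory does not state their status.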


Internally discovered and reported by Eric Hu of Fortinet Software Development team.


2023-04-03: Initial publication