Pritunl Client v1.3.4220.57 has been released. This release adds support for DNS search domains with WireGuard and fixes a local privilege escalation on macOS.
macOS Local Privilege Escalation
Egor Filatov of Positive Technologies reported a local privilege escalation on the macOS client. The Pritunl Client runs a background service using a LaunchDaemon on macOS that is configured to run the service from /Applications/Pritunl.app/Contents/Resources/pritunl-service. In a recent macOS update, write access to the /Applications directory was permitted for administrator users without escalating privileges or prompting for password approval. This creates an opportunity if Pritunl.app is uninstalled without removing the LaunchDaemon configuration, which happens when Pritunl.app is dragged to the trash. After this, an administrator can create a file at /Applications/Pritunl.app/Contents/Resources/pritunl-service, and the LaunchDaemon will run that file as the root user, allowing privilege escalation.
This can only be done by administrator users; a non-administrator user will not have access to /Applications. This will only occur if the client is uninstalled by dragging Pritunl.app to the trash. It can be avoided by running the macOS uninstall script. This will not occur if Pritunl is installed and uninstalled using the Homebrew Cask package, as this fully cleans up the installation.
The service does have self-cleanup functionality to remove these files, but it did not always detect removal of the app. This has been improved in this update: the background service will check for the existence of the app if the GUI client is not running. If the application is forcefully closed, there will still be about a 30 second window before the background service detects the absence of a socket connection between the client and service. Ultimately, Apple needs to provide better support for uninstalling .pkg applications to avoid these issues.
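An added example, not Pritunl's own code: a Python audit that lists LaunchDaemon jobs whose executable no longer exists, which is the leftover state described above after an app bundle is dragged to the trash. The /Library/LaunchDaemons default is the standard macOS location; the labels and paths built in demo() are constructed sample data.

```python
import plistlib
import tempfile
from pathlib import Path

def daemon_program(plist_path):
    """Executable a launchd job starts: Program, else ProgramArguments[0]."""
    with open(plist_path, "rb") as fh:
        job = plistlib.load(fh)  # reads both XML and binary plists
    return job.get("Program") or (job.get("ProgramArguments") or [None])[0]

def bundle_root(program):
    """Enclosing .app bundle of a path, or None when it is not inside one."""
    parts = Path(program).parts
    for i, part in enumerate(parts):
        if part.endswith(".app"):
            return str(Path(*parts[: i + 1]))
    return None

def find_orphaned_daemons(daemon_dir="/Library/LaunchDaemons"):
    """Report launchd jobs whose absolute executable path no longer exists."""
    orphans = []
    for plist in sorted(Path(daemon_dir).glob("*.plist")):
        try:
            program = daemon_program(plist)
        except Exception:
            continue  # unreadable or malformed plist: out of scope for this check
        # Skip jobs with no program or a non-absolute one (launchd resolves those via PATH).
        if not isinstance(program, str) or not program.startswith("/") or Path(program).exists():
            continue
        bundle = bundle_root(program)
        orphans.append({"plist": plist.name, "program": program,
                        "bundle_removed": bool(bundle) and not Path(bundle).exists()})
    return orphans

def demo():
    """Constructed sample: one healthy job and one left behind by a trashed bundle."""
    with tempfile.TemporaryDirectory() as tmp:
        daemons = Path(tmp, "LaunchDaemons")
        daemons.mkdir()
        kept = Path(tmp, "Applications/Kept.app/Contents/Resources/kept-service")
        kept.parent.mkdir(parents=True)
        kept.touch()
        gone = Path(tmp, "Applications/Trashed.app/Contents/Resources/trashed-service")
        for label, prog in (("com.example.kept", kept), ("com.example.trashed", gone)):
            with open(daemons / f"{label}.plist", "wb") as fh:
                plistlib.dump({"Label": label, "ProgramArguments": [str(prog)]}, fh)
        return find_orphaned_daemons(daemons)

if __name__ == "__main__":
    print(find_orphaned_daemons())
```

Any entry it reports with bundle_removed set to True is a daemon configuration that outlived its application and should be unloaded and deleted.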