Security Bulletins
May 2018: macOS Local Privilege Escalation
Charles on macOS versions 4.2 and 3.12.1 and older contain a local privilege escalation vulnerability. All users of Charles on macOS should upgrade to Charles 4.2.5 or Charles 3.12.3 as soon as possible to correct this vulnerability.
Charles on Windows, Linux and iOS are not affected by this vulnerability.
This vulnerability is not remotely exploitable.
Note that this issue was corrected in versions 4.2.1 and 3.12.2, but fully corrected in 4.2.5 and 3.12.3.
More information
A local user on a macOS system could exploit Charles to gain administrator privileges.
Updates have been released for Charles 4 and Charles 3, so that all Charles users can update to secure versions. Download the latest version of Charles now.
This vulnerability has been assigned the identifier CVE-2017-15358 and will be published on 30 June 2018.
Please contact us for any questions about this bulletin.