Last revised: 12/14/2017
An "image path execution hijacking" vulnerability affects the Palo Alto Networks Global Protect Client. Exploitation of this issue requires the root privileges on the local station. An attacker could exploit this vulnerability to obtain a certain level of persistence on the compromised host. (ref # GPC-4401 / CVE-2017-15870)
Successful exploitation requires local administrative privileges.
GlobalProtect agent for macOS 4.0.2 and earlier
GlobalProtect agent for macOS 4.0.3 and later
Palo Alto Networks would like to thank Jaron Bradley and Brandon McCann from CrowdStrike for reporting this issue