Vulnerability still open to all despite multiple fixes
By Shaun Nichols in San Francisco 11 Sep 2018
A privilege escalation flaw in McAfee's True Key software remains open to exploitation despite multiple attempts to patch it.
This according to researchers with security shop Exodus Intel, who claim that CVE-2018-6661 was not fully addressed with either of the two patches McAfee released for it.
The flaw is an elevation of privilege issue in McAfee's TrueKey password manager. An exploit can be carried out on a guest account by side-loading a specially-crafted DLL into True Key that would then allow for commands and code to be executed with system-level privileges.
Full Article.