
IDrive and RemotePC developer fixes vulnerabilities discovered by Positive Technologies

macOS users of these services could have been at risk

PT SWARM expert Egor Filatov helped fix vulnerabilities in two IDrive products: the IDrive backup service and the RemotePC remote access application. The security defects could have allowed an attacker to escalate privileges in macOS and compromise data. If the vulnerable products were used on corporate devices, a company could be at risk of an attack on its IT infrastructure. The vendor was notified of the vulnerabilities under a responsible disclosure policy and released updates for IDrive and RemotePC.

According to PeerSpot, IDrive ranks 20th among cloud backup services. RemotePC is also cited among key solutions for remote computer access.
 

Vulnerability PT-2025-37715 (BDU:2025-08844) affected IDrive version 4.0.0.38, and RemotePC 7.7.38 was affected by vulnerability PT-2025-34884¹ (BDU:2025-08845). Both vulnerabilities scored 7 out of 10 on the CVSS 4.0 scale. An attacker could theoretically exploit them to elevate privileges on a device to superuser (root), gaining full control of the system. This would allow the attacker to carry out any operations on the user's computer—for example, compromise data, deploy ransomware, or alter protective mechanisms to further advance the attack. If the vulnerable application were installed on a work device, the attacker could establish persistence in the corporate network and disrupt the organization's business processes.

Before the patches, the risk to users stemmed from components with elevated privileges—required by IDrive to access files on the device and by RemotePC to work with privacy-sensitive² macOS permissions. These components could be modified by any user with administrative rights, which are assigned by default to Mac owners.

¹ Both vulnerabilities are registered on the dbugs portal, which aggregates data on vulnerabilities in software and hardware from vendors around the world.

² Permissions that pose a risk to the confidentiality of user data and, in particular, authorize screen viewing, camera access for image capture, and remote macOS configuration.

"Using a malicious program, an attacker could gain access to IDrive and RemotePC's privileged files, which run with superuser rights, and then replace one of those files with their malware. On the next system reboot, the attacker's privileges would be elevated automatically, potentially giving them full control of the device."

Egor Filatov, Junior Mobile Application Security Researcher at Positive Technologies

To fix the issue, update IDrive to version 4.0.0.43 or later and RemotePC to version 7.7.38 or later as soon as possible. If the patch cannot be installed, the PT SWARM expert recommends restricting write permissions to the privileged files. The paths to these files for IDrive are as follows:

  • /Library/Application Support/IDriveforMac/IDriveHelperTools/bin/newbin/IDriveDaemonHelper
  • /Library/Application Support/IDriveforMac/IDriveHelperTools/IDriveDaemon.app/Contents/MacOS/IDriveDaemon
  • /Library/Application Support/IDriveforMac/IDriveHelperTools/IDSyncDaemon.app/Contents/MacOS/IDSyncDaemon

The paths to RemotePC's privileged files:

  • /Library/Application Support/RPCForMac/RemoteDPCSService
  • /Library/Application Support/RPCForMac/RemotePCHelper
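
One way to verify the workaround on a Mac is to audit the listed files for write access by anyone other than root. The script below is an added example, not code from Positive Technologies or the vendor. The function names are hypothetical, and the expectation of root ownership and the check of each file's parent directory are assumptions that go beyond the advisory's wording.

```shell
#!/bin/sh
# Added example: audit the privileged IDrive/RemotePC files for write access
# by anyone other than root. Read-only; it changes nothing on disk.

# Paths as listed in the advisory.
PRIV_FILES='/Library/Application Support/IDriveforMac/IDriveHelperTools/bin/newbin/IDriveDaemonHelper
/Library/Application Support/IDriveforMac/IDriveHelperTools/IDriveDaemon.app/Contents/MacOS/IDriveDaemon
/Library/Application Support/IDriveforMac/IDriveHelperTools/IDSyncDaemon.app/Contents/MacOS/IDSyncDaemon
/Library/Application Support/RPCForMac/RemoteDPCSService
/Library/Application Support/RPCForMac/RemotePCHelper'

# weak_entries PATH [OWNER]
# Prints PATH and/or its parent directory when the entry is not owned by
# OWNER (default root) or is group- or world-writable. Checking the parent
# directory is an assumption beyond the advisory: a writable directory lets
# a user swap the file even when the file itself is locked down.
weak_entries() {
    owner=${2:-root}
    for entry in "$1" "$(dirname "$1")"; do
        find "$entry" -prune \( ! -user "$owner" -o -perm -020 -o -perm -002 \) -print
    done
}

# audit_file PATH [OWNER]: returns 0 if clean or absent, 1 if anything is weak.
audit_file() {
    [ -e "$1" ] || { echo "SKIP  $1 (not present)"; return 0; }
    weak=$(weak_entries "$1" "${2:-root}")
    if [ -n "$weak" ]; then
        echo "WEAK  $1"
        echo "$weak" | sed 's/^/      writable or wrong owner: /'
        return 1
    fi
    echo "OK    $1"
}

# audit_all: check every path from the advisory; returns 1 if any is weak.
audit_all() {
    rc=0
    while IFS= read -r f; do
        audit_file "$f" || rc=1
    done <<EOF
$PRIV_FILES
EOF
    return $rc
}

# Run the full audit only when asked, e.g.: sh audit.sh --all
if [ "${1:-}" = "--all" ]; then audit_all; fi
```

A `WEAK` result means the file or its directory can still be written by a non-root account through group or world permissions; the script does not inspect ACLs.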

In 2025, Egor Filatov helped fix vulnerability PT-2025-25226, which also involved privilege escalation. In August, he helped strengthen the security of Tunnelblick, the graphical user interface for OpenVPN. Before the fix, this flaw could have allowed an attacker to compromise data and carry out an attack within a corporate network.

Reduce the risk of remote code execution on endpoints, including when an attacker escalates privileges, with EDR solutions such as MaxPatrol EDR. When malicious activity is detected, these products alert MaxPatrol SIEM and block the attack.

For up-to-date security information, visit the dbugs portal, which aggregates vulnerability data and vendor recommendations for software and hardware from vendors around the world.
