Assisted Local Privilege Escalation and Arbitrary File Overwrite Vulnerabilities
On 2023-06-14, Erhad Husovic notified the Tunnelblick developers of a security vulnerability in Tunnelblick, an "assisted local escalation of privileges". On July 23, he notified the developers of another security vulnerability, an "assisted file overwrite".
Both vulnerabilities have been fixed in Tunnelblick versions 3.5.26, 3.8.8c, and 4.0.0beta07.
Some similar vulnerabilities were discovered by the Tunnelblick developers and were also fixed in Tunnelblick 3.8.8c and 4.0.0beta07.
These vulnerabilities allow a standard computer user, or an attacker who already is running malicious software as a standard user on the computer to gain privileges as "root" or to overwrite or delete arbitrary files, including any file not protected by System Integrity Protection. They are "assisted" in that they require a computer administrator to authorize an action by Tunnelblick which would ordinarily be safe, but is not safe in the circumstances created by a malicious user or malicious software.
For more details, see Erhad's discussions of the vulnerabilities: