This text provides a detailed analysis of vulnerabilities found in the Palo Alto Networks GlobalProtect VPN client, affecting both Linux and macOS systems. These vulnerabilities allow unprivileged users to escalate their privileges to root due to the way the GlobalProtect client handles file creation and encryption. Specifically, the PanGPS daemon, which runs with elevated privileges, can be manipulated to create or overwrite files in arbitrary filesystem locations by exploiting symbolic links and crafted encrypted files. On Linux, the exploit involves overwriting the /etc/ld.so.preload file to preload a user-controlled shared object, enabling privilege escalation when certain executables are started. On macOS, the exploit targets the root crontab to execute a user-controlled shell script with root privileges. The text emphasizes the complexity of overcoming the encryption and validation checks to successfully exploit these vulnerabilities, demonstrating how knowledge of the encryption scheme and file structure can be leveraged to achieve privilege escalation on these systems.