NEWS
Old Versions of ESET Anti-virus for MacOS Subject to Exploit Granting Root Access to Assailant
2532
2017-03-01
Posted by Reposted

Old Versions of ESET Anti-virus for MacOS Subject to Exploit Granting Root Access to Assailant


The outdated XML library included in a recent update to ESET Endpoint Antivirus 6 is subject to a buffer overflow bug, according to Google researchers. Assailants using a man-in-the-middle targeted attack can intercept licensing credential data transfers, allowing for a machine masquerading as the licensing server to pass bogus data.

In this case, a forged HTTPS certificate can be sent, allowing the attacker to control the connection. A follow-up transmission can contain a maliciously crafted XML package, allowing for root-level code execution.

"When ESET Endpoint Antivirus tries to activate its license, esets_daemon sends a request to https://edf.eset.com/edf," reports Google Security Team's Jason Geffner and Jan Bee. "The esets_daemon service does not validate the web server's certificate, so a man-in-the-middle can intercept the request and respond using a self-signed HTTPS certificate. The esets_daemon service parses the response as an XML document, thereby allowing the attacker to supply malformed content."

The flaw was discovered by Google, and reported to ESET in early November 2016. A patch rectifying the problem was supplied to the researchers in early February with a release on Feb. 21.

The attack does not need to be tailored to a specific machine, like other Mac malware packages require. All it demands is the awareness that a target is running the ESET tool, and the means to utilize a "man in the middle" attack, such as a public wi-fi hotspot. 

ESET issued a patch for the issue on Feb. 21, prior to the public disclosure of the flaw. Users should ensure that ESET Endpoint Antivirus version 6.4.168.0 is installed, and not any prior version.


Source: appleinsider

Related Articles
macOS High Sierra 10.13.2 Beta 4 Now Available Apple Releases macOS Catalina With Find My, Screen Time, and No More iTunes iOS 11.3 Jailbreak Update: Root Shell Access Achieved On Latest Firmware Apple Releases macOS Catalina 10.15.5 With Battery Health Management Features Apple Releases macOS Mojave 10.14.1 Supplemental Update for 2018 MacBook Air Apple Seeds macOS Big Sur 11.0.1 Release Candidate to Developers Apple Releases First iOS 11.1, watchOS 4.1, tvOS 11.1, and macOS 10.13.1 Developer Betas MacOS 10.12.3 + iTunes 12.5.5 Hit the Mac App Store