So, make sure your antivirus package is patched up to date. The patch is made available in the release of version 6.4.168.0 of ESET Endpoint Antivirus for macOS. Download the award-winning ESET NOD32 Antivirus or ESET Smart Security nowESET NOD32 is an antivirus software boasting highly-focused attention towards. The Google researchers have also released the proof-of-concept (PoC) exploit code, which only shows how the ESET antivirus app can be used to cause a crash.ĮSET addressed this vulnerability on February 21 by upgrading the POCO parsing library and by configuring its product to verify SSL certificates. Now since the hacker controls the connection, they can send malicious content to the Mac computer in order to hijack the XML parser and execute code as root. "Vulnerable versions of ESET Endpoint Antivirus 6 are statically linked with an outdated XML parsing library and do not perform proper server authentication, allowing for remote unauthenticated attackers to perform arbitrary code execution as root on vulnerable clients." This attack was possible because the ESET antivirus did not validate the web server's certificate. This event triggers the CVE-2016-0718 flaw that executes the malicious code with root privileges when esets_daemon parsed the XML content. Join our webinar and learn how to stop ransomware attacks in their tracks with real-time MFA and service account protection. Learn to Stop Ransomware with Real-Time Protection Now, when esets_daemon sent a request to during activation of the ESET Endpoint Antivirus product, an MITM attacker can intercept the request to deliver a malformed XML document using a self-signed HTTPS certificate. This POCO version is based on a version of the Expat XML parser library version 2.0.1 from 2007, which is affected by a publicly known XML parsing vulnerability ( CVE-2016-0718) that could allow an attacker to execute arbitrary code via malicious XML content. The service is statically linked with an outdated version of the POCO XML parser library, version 1.4.6p1 released in March 2013. The actual issue was related to a service named esets_daemon, which runs as root. As detailed in the full disclosure, all a hacker needs to get root-level remote code execution on a Mac computer is to intercept the ESET antivirus package's connection to its backend servers using a self-signed HTTPS certificate, put himself in as a man-in-the-middle (MITM) attacker, and exploit an XML library flaw.
0 Comments
Leave a Reply. |