ESET antivirus öppnar för attack mot macOS
What could be more exciting for hackers than exploiting a vulnerability in a widely used software without having to struggle too much?
One such easy-to-exploit, but critical vulnerability has been discovered in ESET’s antivirus software that could allow any unauthenticated attackers to remotely execute arbitrary code with root privileges on a Mac system.
The critical security flaw, tracked as CVE-2016-9892, in ESET Endpoint Antivirus 6 for macOS was discovered by Google Security Team’s researchers Jason Geffner and Jan Bee at the beginning of November 2016.
As detailed in the full disclosure, all a hacker needs to get root-level remote code execution on a Mac computer is to intercept the ESET antivirus package’s connection to its backend servers using a self-signed HTTPS certificate, put himself in as a man-in-the-middle (MITM) attacker, and exploit an XML library flaw.