Author Topic: Experts disclose a Webroot SecureAnywhere macOS Kernel Level bug found months ag  (Read 12 times)

Offline Antus67

  • Global Moderator
  • Hero Member
  • *****
  • Posts: 2384
    • View Profile
BY: September 15, 2018  By Pierluigi Paganini

Security experts disclosed a locally exploitable kernel-level vulnerability in the Webroot SecureAnywhere macOS security software.

The Webroot SecureAnywhere macOS security software was affected by a locally exploitable kernel-level vulnerability. An attacker that exploit the flaw could execute malware at the “kernel level” on a vulnerable Mac system.

The vulnerability, tracked as CVE-2018-16962, was patched months ago but publicly disclosed only yesterday.

“Webroot SecureAnywhere before 9.0.8.34 on macOS mishandles access to the driver by a process that lacks root privileges.” reads the security advisory.

The flaw is difficult to trigger, it is exploitable only by a local attacker that is logged into a vulnerable Mac system or by tricking an already logged-in user into opening an exploit through social engineering.

The vulnerability was discovered by researchers at Trustwave, the flaw was caused by the lack of validation of arbitrary user-supplied pointer being read from and potentially written too.

“Email Trustwave recently discovered a locally exploitable issue in the macOS version of the Webroot SecureAnywhere solution.” reads the analysis published by Trustwave.

full article here:https://securityaffairs.co/wordpress/76220/hacking/webroot-secureanywhere-flaw.html
McAfee Internet Suite
Trojan Remover