https://www.zdnet.com/article/code-exec ... -software/Kernel exploit discovered in macOS Webroot SecureAnywhere antivirus software
The severe memory corruption flaw permitted attackers to execute malware at the kernel level.
By Charlie Osborne for Zero Day | September 13, 2018 -- 12:00 GMT (05:00 PDT) | Topic: Security
A severe vulnerability discovered in the Webroot SecureAnywhere antivirus software allows attacks to take place at the kernel level.
On Thursday, researchers from the Trustwave SpiderLabs team revealed the flaw, which impacts the macOS version of the software.
Webroot's SecureAnywhere solution is a paid endpoint protection program which offers "full-scale antivirus security at an affordable price."
The vulnerability, CVE-2018-16962, is a memory corruption bug which has been caused by an arbitrary user-supplied pointer which can be read from and "potentially written too," according to Trustwave.
If particular conditions in the memory function of SecureAnywhere are met, attackers are gifted with a write-what-where kernel opening, allowing them to execute arbitrary code in this core element.
The saving grace with this kernel-level attack is that threat actors need local access to exploit the security flaw.
If the vulnerability had permitted remote attacks, this would have been far more serious and would have given cyberattackers an almost limitless means to compromise the software.
"While macOS is an important target for attackers, the installation base of Windows still outpaces Mac," the researchers say, "It's also local only, not remote, so an attacker needs to be logged into a vulnerable Mac or convince a logged-in user to open the exploit via social engineering."
Trustwave says that after reporting the issue, Webroot quickly resolved the vulnerability.
It is recommended that macOS users of Webroot SecureAnywhere enable automatic updates to receive the security patch or manually upgrade to version 22.214.171.124.
"The security of our customers is of paramount importance to Webroot," Chad Bacher, SVP of Product Strategy and Technology Alliances at Webroot told ZDNet. "This vulnerability was remedied in software version 126.96.36.199 which has been available for our customers since July 24, 2018."
"For any user running a version of Mac not currently supported by Apple (OS 10.8 or lower), we recommend upgrading to an Apple-supported version to receive our updated agent and be in line with cybersecurity best practices on system patching," the executive added.
Webroot is not aware of any compromises due to this vulnerability.