A new vulnerability could trigger Kernel Exploit in MacOS

A new vulnerability has been discovered and this time it’s an Anti-virus. Recently, researchers discovered that the Mac version of the Webroot Anti-virus has a critical vulnerability.

Called the Webroot SecureAnywhere vulnerability, it will allow an attacker to execute arbitrary codes at a kernel level in MacOS. The vulnerability was first discovered by the researchers at the Trustwave SpiderLabs.

A user-controllable pointer dereference exists in the kernel driver of the Webroot SecureAnywhere solution for macOS the root cause of which is an arbitrary user-supplied pointer being read from and potentially written too. As such, the issue arms an attacker with a write-what-where kernel gadget with the caveat that the original value of the memory referenced by the pointer must be equal to (int) -1.

The good thing, however, is that the malware can only be injected locally so the attacker should have access to the device.

Being local only, an attacker would need malware executing locally or convince a logged-in user to open the exploit via social engineering.

The vulnerability was first discovered on June 29, 2018, and Webroot released a patch for this flaw on July 24, 2018. The company also shared some details about the patch in a blog post.

The security of our customers is of paramount importance to Webroot. This vulnerability was remedied in software version 9.0.8.34 which has been available for our customers since July 24, 2018. We have no evidence of any compromises from this vulnerability.

The users are advised to upgrade to version 9.0.8.34 to make sure the vulnerability is patched.

Via: Latest Hacking News