SecureMac, Inc.

Computer security news. Just for Macs.

Get the latest computer security news for Macs and be the first to be informed about critical updates. Industry news, security events and all you need right at your fingertips. Malware threats change daily, so keep up to date on the latest developments to help ensure your privacy and protection. You can never be too safe.

Google Discloses Major Vulnerability in ESET Mac Antivirus Software

Posted on March 18, 2017

If there is one type of software a user should have the ability to trust, it’s legitimate antivirus programs. As a tool designed to protect from malware attacks, every antivirus effort requires careful, thoughtful design and an absolute focus on the safety and security of the end user’s system. Unfortunately, that is not always the case. In one of the most egregious examples of a major flaw in an antivirus product for Macs, Google disclosed a vulnerability in ESET Endpoint Antivirus. Through this wide-open security hole, hackers could have potentially gained root access on a user’s machine with the ability to run any code they wished.

The way the attack works is very simple. ESET Endpoint must communicate with its home servers to transmit necessary antivirus data, receive definition updates, and more. However, during these communications, the software never attempts to verify the legitimacy of the server with which it is communicating. In other words, intercepting the communication between the software and the server is all an attacker must do to earn access to the machine. After that, it’s a matter of sending the user’s machine a fake security certificate, and pretending to be a legitimate server – a classic “man in the middle” attack.

Once the ESET software accepts the false certificate, the attacker can exploit another known vulnerability in XML parsing to begin running arbitrary code. At that point, they could have total control over your machine. This lapse in security is a very severe threat — and the fact that it stems from within software ostensibly designed to protect users from the menace of malware makes it even more startling. Users of the unpatched version of ESET Endpoint 6 remain at risk; there is no way to prevent this attack other than simply to not run the software at all. After Google disclosed the flaw, ESET swiftly issued a patch to correct the problem.

According to ESET, no users reported issues relating to this attack vector. It seems likely that despite its severity, this hole was not discovered and exploited. Even so, it serves as a key example of how flaws and loopholes can appear anywhere. For the best protection, it’s essential to think not just of the threats from outside, but of those from within as well. Without careful coding and meticulous testing, AV software can easily become a threat instead of a helpful boon. When you choose an antivirus product, like other software, make sure to do your research on its security track record and evaluate the options carefully.

Join our mailing list for the latest security news and deals