SecureMac, Inc.

Google Discloses Major Vulnerability in ESET Mac Antivirus Software

March 18, 2017

If there is one type of software a user should be able to trust, it’s a legitimate antivirus program. As a tool designed to protect against malware, every antivirus product requires careful, thoughtful design and an absolute focus on the safety and security of the end user’s system. Unfortunately, that is not always the case. In one of the most egregious examples of a major flaw in an antivirus product for Macs, Google disclosed a vulnerability in ESET Endpoint Antivirus. Through this wide-open security hole, attackers could potentially have gained root access on a user’s machine, with the ability to run any code they wished.

The attack itself is very simple. ESET Endpoint must communicate with its home servers to transmit antivirus data, receive definition updates, and more. However, during these communications the software never verifies the identity of the server it is talking to. In other words, intercepting the traffic between the software and the server is all an attacker needs to do to gain a foothold on the machine. After that, it’s a matter of presenting the user’s machine with a fake security certificate and pretending to be the legitimate server – a classic “man in the middle” attack.
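As an added illustration (not ESET’s code, and not from the original article), the Go program below contrasts a TLS update client that skips certificate verification, the behaviour described above, with one that validates against the system roots and one that pins a single known certificate. The local update server and its self-signed certificate are constructed test fixtures standing in for an impostor server.

```go
package main

import (
	"crypto/tls"
	"crypto/x509"
	"io"
	"net/http"
	"net/http/httptest"
)

// fetchUpdate plays the antivirus client: it downloads a definition file over
// TLS using the supplied client configuration and returns the response body.
func fetchUpdate(serverURL string, cfg *tls.Config) (string, error) {
	client := &http.Client{Transport: &http.Transport{TLSClientConfig: cfg}}
	resp, err := client.Get(serverURL + "/update.xml")
	if err != nil {
		return "", err // includes TLS handshake failures such as an untrusted certificate
	}
	defer resp.Body.Close()
	body, err := io.ReadAll(resp.Body)
	return string(body), err
}

// newUpdateServer starts a local TLS server whose certificate is self-signed and
// therefore NOT trusted by the system roots (constructed test fixture). To a client
// that skips verification it is indistinguishable from a man in the middle.
func newUpdateServer() *httptest.Server {
	return httptest.NewTLSServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		io.WriteString(w, "<update><definitions version=\"1\"/></update>")
	}))
}

// noVerifyConfig reproduces the flawed behaviour: any certificate is accepted.
func noVerifyConfig() *tls.Config { return &tls.Config{InsecureSkipVerify: true} }

// systemRootsConfig is the default, correct behaviour: the chain must end at a trusted root.
func systemRootsConfig() *tls.Config { return &tls.Config{} }

// pinnedConfig goes one step further and trusts exactly one known server certificate.
func pinnedConfig(cert *x509.Certificate) *tls.Config {
	pool := x509.NewCertPool()
	pool.AddCert(cert)
	return &tls.Config{RootCAs: pool}
}
```

Against the self-signed server, fetchUpdate succeeds with noVerifyConfig(), fails with a certificate-verification error under systemRootsConfig(), and succeeds again with pinnedConfig(srv.Certificate()). Only the first outcome is the dangerous one: the client has accepted a certificate it had no reason to trust.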

Once the ESET software accepts the false certificate, the attacker can exploit another known vulnerability in the software’s XML parsing to begin running arbitrary code. At that point, they could have total control over the machine. This lapse in security is a very severe threat, and the fact that it stems from software ostensibly designed to protect users from malware makes it even more startling. Users of the unpatched version of ESET Endpoint 6 remain at risk; there is no way to prevent this attack other than simply not running the software at all. After Google disclosed the flaw, ESET swiftly issued a patch to correct the problem.

According to ESET, no users reported issues relating to this attack vector. It seems likely that, despite its severity, this hole was not discovered or exploited by attackers. Even so, it serves as a key example of how flaws and loopholes can appear anywhere. For the best protection, it’s essential to think not just of threats from outside, but of those from within as well. Without careful coding and meticulous testing, AV software can easily become a threat instead of a safeguard. When you choose an antivirus product, as with any other software, research its security track record and evaluate the options carefully.
