Security News > 2017 > February > ESET antivirus opens Macs to remote code execution (Help Net Security)

ESET antivirus opens Macs to remote code execution (Help Net Security)
2017-02-28 18:18

Like any other software, security software is sure to have some vulnerabilities that can be exploited by attackers. The latest in a long list of examples that prove this fact is the recently revealed remote code execution flaw affecting all but the latest version of ESET Endpoint Antivirus 6 for macOS. Discovered and reported by Jason Geffner and Jan Bee of the Google Security Team, the vulnerability (CVE-2016-9892) is present because the esets_daemon service is … More →


News URL

http://feedproxy.google.com/~r/HelpNetSecurity/~3/ZZlViB4Ir_k/

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2017-03-02 CVE-2016-9892 Improper Certificate Validation vulnerability in Eset Endpoint Antivirus and Endpoint Security
The esets_daemon service in ESET Endpoint Antivirus for macOS before 6.4.168.0 and Endpoint Security for macOS before 6.4.168.0 does not properly verify X.509 certificates from the edf.eset.com SSL server, which allows man-in-the-middle attackers to spoof this server and provide crafted responses to license activation requests via a self-signed certificate.
network
high complexity
eset CWE-295
5.9
5.9

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Eset 19 0 9 11 2 22