Eset Cyber Security (Mac OS X) – Arbitrary File Overwrite Vulnerability

Product Description:

ESET® Cyber Security delivers fast, powerful protection to your Mac, helping you enjoy safer technology. On the Internet, your personal data is secured against theft by Anti-Phishing. The solution is designed to look after your security, while not getting in your way– ESET Cyber Security’s low system footprint takes care of that.

Vulnerability Discussion:

The update component of Eset Cyber Security for Mac OS X contains a vulnerability that would allow a malicious user to overwrite any file under the operating system by performing a basic symlink style attack. The end result is that key files vital to the operation of the OS could be overwritten leading to a Denial of Service attack.

Vendor Contact Timeline:

2019-03-16: Vendor contacted via email.
2019-05-02: Vendor confirms vulnerability.
2019-07-09: Vendor issues product update v6.7.900.0.
2019-08-09: RACK911 Labs issues advisory.

About Us:

RACK911 Labs
1110 Palms Airport Drive, Suite 110
Las Vegas, NV 89119