Eset Cyber Security (Mac OS X) – Arbitrary File Overwrite Vulnerability
ESET® Cyber Security delivers fast, powerful protection to your Mac, helping you enjoy safer technology. On the Internet, your personal data is secured against theft by Anti-Phishing. The solution is designed to look after your security, while not getting in your way– ESET Cyber Security’s low system footprint takes care of that.
The update component of Eset Cyber Security for Mac OS X contains a vulnerability that would allow a malicious user to overwrite any file under the operating system by performing a basic symlink style attack. The end result is that key files vital to the operation of the OS could be overwritten leading to a Denial of Service attack.
Vendor Contact Timeline:
2019-03-16: Vendor contacted via email.
2019-05-02: Vendor confirms vulnerability.
2019-07-09: Vendor issues product update v6.7.900.0.
2019-08-09: RACK911 Labs issues advisory.
1110 Palms Airport Drive, Suite 110
Las Vegas, NV 89119