Mitigation Strategy for Customers
Vulnerability in the custom URL handler could allow remote code execution
Critical vulnerability has been identified within MacKeeper when executing commands using its custom URL scheme. MacKeeper has released a new version of the service that addresses this vulnerability.
Mitigation Strategy for Customers (what you should do to protect yourself):
Starting from May 8, 2015, 4pm ET, run MacKeeper Update Tracker and install the latest version of the application, version 3.4.1 or later.
Steps to update:
- MacKeeper Update Tracker automatically checks for a later version whenever the application is run. Click OK when prompted that new version is available.
- To manually update, download the latest version from the following URL.
There are no known cases of any security breach and the fix was created within hours of being notified. If you are experiencing problems with update or have any problems in your system regarding this issue please, contact us on firstname.lastname@example.org.
MacKeeper would like to thank Braden Thomas and SecureMac for reporting these issues.