Critical Vulnerability in ESET Endpoint Antivirus - Patch Update Is Available
Another day, another security flaw...
On February 8, Jason Geffner and Jan Bee, members of the Google Security Team, disclosed a vulnerability in ESET's antivirus software. As detailed in their security advisory, the flaw allows attackers to execute code as root on vulnerable clients.
Technically speaking, "vulnerable versions of ESET Endpoint Antivirus 6 are statically linked with an outdated XML parsing library and do not perform proper server authentication, allowing for remote unauthenticated attackers to perform arbitrary code execution as root on vulnerable clients."
This attack was possible because ESET antivirus did not validate the web server's certificate.
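The missing check described above, shown as an added example (not ESET's code and not part of the advisory): a Python audit that flags client TLS contexts in which the server is never authenticated, including the case where the chain is verified but the hostname is not. All function names are hypothetical.

```python
import ssl

def audit_client_context(ctx):
    """Return the server-authentication gaps found in a client TLS context."""
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("certificate chain not verified")
    if not ctx.check_hostname:
        findings.append("hostname not matched against certificate")
    return findings

def require_server_authentication(ctx):
    """Gate for code review or CI: reject a context that skips either check."""
    findings = audit_client_context(ctx)
    if findings:
        raise ValueError("TLS client does not authenticate the server: "
                         + "; ".join(findings))
    return ctx

def unauthenticated_context():
    # The class of flaw the article describes: any certificate is accepted.
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False      # has to be cleared before CERT_NONE is allowed
    ctx.verify_mode = ssl.CERT_NONE
    return ctx

def chain_only_context():
    # Chain is verified, but a valid certificate for any other host still passes.
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    return ctx

def authenticated_context():
    # Library defaults: trusted chain required and hostname matched.
    ctx = ssl.create_default_context()
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx

if __name__ == "__main__":
    for build in (unauthenticated_context, chain_only_context, authenticated_context):
        print(build.__name__, "->", audit_client_context(build()) or "ok")
```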
Google's Security Team has also published a proof-of-concept showing how ESET antivirus can be attacked.
ESET posted an official statement containing the security advisory for its customers: “ESET was made aware of potential vulnerabilities in its consumer and business products for macOS. Upon detailed inspection, ESET identified the causes of the issues and prepared fixed products for its users to download and install.”
ESET patched this vulnerability in ESET Endpoint Antivirus version 184.108.40.206.
To secure your Mac from any potential attacks, update to this version as soon as possible.