
ESET CVE-2016-9892 Flaw Exposes Macs to Remote Code Execution

Another day, another vulnerability. Did you hear about the recently revealed remote code execution bug in all versions (except the latest) of ESET Endpoint Antivirus 6 for macOS? The vulnerability in question has been identified as CVE-2016-9892.

The vulnerability was discovered and reported by Google Security Team researchers Jason Geffner and Jan Bee. The root cause: the esets_daemon service was found to be statically linked to an outdated version of the POCO XML parser library.

CVE-2016-9892 explained by the security experts:

The esets_daemon service, which runs as root, is statically linked with an outdated version of the POCO XML parser library (https://pocoproject.org/) — version 1.4.6p1 from 2013-03-06. This version of POCO is based on Expat (https://expat.sourceforge.net/) version 2.0.1 from 2007-06-05, which has a publicly known XML parsing vulnerability (CVE-2016-0718) that allows for arbitrary code execution via malformed XML content.

Furthermore, “when ESET Endpoint Antivirus tries to activate its license, esets_daemon sends a request to https://edf.eset.com/edf. The esets_daemon service does not validate the web server’s certificate, so a man-in-the-middle can intercept the request and respond using a self-signed HTTPS certificate. The esets_daemon service parses the response as an XML document, thereby allowing the attacker to supply malformed content and exploit CVE-2016-0718 to achieve arbitrary code execution as root.”

Mitigation against CVE-2016-9892

CVE-2016-9892 has already been fixed: ESET upgraded the POCO parsing library to the latest build.

The security vendor patched the bug in ESET Endpoint Antivirus version 6.4.168.0.
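
One way to audit a binary for a statically linked, outdated Expat like the one described above. This is an added example, not code from ESET or the Google researchers. It assumes the binary embeds the `expat_X.Y.Z` string that Expat's `XML_ExpatVersion()` returns and that Expat 2.2.0 is the first release carrying the CVE-2016-0718 fix; the sample byte strings are constructed.

```python
import re
import sys

# Assumption: Expat embeds its version as "expat_MAJOR.MINOR.MICRO"
# (the string XML_ExpatVersion() returns), so it survives static linking.
EXPAT_RE = re.compile(rb"expat_(\d{1,3})\.(\d{1,3})\.(\d{1,3})")

# Assumption: Expat 2.2.0 is the first release containing the CVE-2016-0718 fix.
MIN_FIXED = (2, 2, 0)


def find_expat_versions(blob: bytes) -> set:
    """Return every embedded Expat version found in the raw bytes."""
    return {tuple(int(g) for g in m.groups()) for m in EXPAT_RE.finditer(blob)}


def audit(blob: bytes, min_fixed=MIN_FIXED) -> dict:
    """Report which embedded Expat versions predate the fixed release."""
    versions = find_expat_versions(blob)
    outdated = sorted(v for v in versions if v < min_fixed)
    if outdated:
        status = "VULNERABLE"
    elif versions:
        status = "OK"
    else:
        status = "NOT_FOUND"  # no marker: absent, stripped, or wide-char build
    return {"versions": sorted(versions), "outdated": outdated, "status": status}


# Constructed sample images (not real binaries): bytes around a version marker.
SAMPLE_OLD = b"\xcf\xfa\xed\xfe__cstring\x00expat_2.0.1\x00XML_ParserCreate\x00"
SAMPLE_NEW = b"\xcf\xfa\xed\xfe__cstring\x00expat_2.2.0\x00XML_ParserCreate\x00"
SAMPLE_NONE = b"\xcf\xfa\xed\xfe__cstring\x00no parser here\x00"

if __name__ == "__main__":
    # Usage: python audit_expat.py /path/to/binary [...]
    for path in sys.argv[1:]:
        with open(path, "rb") as fh:
            result = audit(fh.read())
        print(f"{path}: {result['status']} {result['versions']}")
    if len(sys.argv) == 1:
        for name, blob in (("old", SAMPLE_OLD), ("new", SAMPLE_NEW),
                           ("none", SAMPLE_NONE)):
            print(name, audit(blob))
```

A `NOT_FOUND` result is not proof that no XML parser is linked in; it only means this marker string was not present in the scanned bytes.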

Google researchers advise users to log on from the product’s change here.

More information is available on https://seclists.org.

Milena Dimitrova
