HomeWinBuzzer NewsApple Mac Vulnerability Leaves Platform Open to Kernel Exploit

Apple Mac Vulnerability Leaves Platform Open to Kernel Exploit

A newly disclosed flaw in Webroot on Mac could give attackers the ability to execute kernel level codes, but only with local access.

-

We have been hearing about plenty of Windows vulnerabilities in recent weeks, but this week we have seen a possible exploit that could also affect 's Mac. Cupertino's computer platform is often touted for its security and closed system. However, a new vulnerability has been discovered in the Mac Webroot Anti-Virus.

Disclosed by security researchers at Trustwave SpiderLabs, the flaw has been called the Webroot SecureAnywhere vulnerability. The team describes this as a critical problem. At its core, the vulnerability gives an attacker the power to use arbitrary codes at a kernel level in .

Researchers are Trustwave SpiderLabs explains how Webroot SecureAnywhere functions:

“A user-controllable pointer dereference exists in the kernel driver of the Webroot SecureAnywhere solution for macOS the root cause of which is an arbitrary user-supplied pointer being read from and potentially written too.

“As such, the issue arms an attacker with a write-what-where kernel gadget with the caveat that the original value of the memory referenced by the pointer must be equal to (int) -1.”

We have heard about kernel level flaws before, most notably with Meltdown and Spectre. While that notorious vulnerability affected most -based PCs and some machines from other CPU vendors, this is more limited.

It has been observed purely on Apple Mac devices and importantly can only be enacted locally. This means a bad actor would need direct access to a Mac to implement the malicious code.

Patched

Trustwave SpiderLabs says it discovered the vulnerability on June 29, 2018 and informed Webroot of the problem. In response, the anti-virus company issued a patch on July 24. This patch was explained by Webroot:

“The security of our customers is of paramount importance to Webroot. This vulnerability was remedied in software version 9.0.8.34 which has been available for our customers since July 24, 2018. We have no evidence of any compromises from this vulnerability.”

SourceTrustWave
Luke Jones
Luke Jones
Luke has been writing about all things tech for more than five years. He is following Microsoft closely to bring you the latest news about Windows, Office, Azure, Skype, HoloLens and all the rest of their products.

Recent News