This article was published on March 1, 2017

Google finds bug in antivirus app specifically built to protect your Mac


In an oddly ironic turn of events, security researchers from Google have uncovered a vulnerability in Mac antivirus software that – contrary to its purpose – exposed your system to malicious interceptions. Curiously, the app was developed by the same company that discovered this cheeky Pornhub malware.

Googlers Jason Geffner and Jan Bee found the flaw in ESET’s Endpoint Antivirus 6 for macOS, built specifically to “eliminate all types of threats, including viruses, rootkits, worms and spyware,” as per the company’s own description.

As it turns out, though, the protective software was riddled with kinks that left users open to attack. According to the security researchers, the bug allowed attackers to remotely access a user’s device by exploiting outdated XML parsing libraries.

To be more specific, the risk came from the POCO XML parser library, which included code from the Expat XML Parser. That code suffered from a well-documented glitch that allowed “arbitrary code execution via malformed XML content.”

This ultimately made it possible for hackers to intercept requests to the library and deliver malicious XML documents using a self-signed HTTPS certificate, granting the attackers root privileges to your Mac.

While the vulnerability report was originally filed back in November last year, Google gave ESET three months to sort out the issue before releasing the full bug documentation earlier this week on February 27.

ESET has since updated its antivirus app and fixed the issue. In case your Mac runs the affected version of the program, you can get the latest version (6.4.168.0) of the software here.

Read the full vulnerability disclosure on this page.
