Google finds bug in antivirus app specifically built to protect your Mac

mac, antivirus

In an oddly ironic turn of events, security researchers from Google have uncovered a vulnerability in Mac antivirus software that – contrary to its purpose – exposed your system to malicious interceptions. Curiously, the app was developed by the same company that discovered this cheeky Pornhub malware.

Googlers Jason Geffner and Jan Bee found the flaw in ESET’s Endpoint Antivirus 6 for macOS built specifically to “eliminate all types of threats, including viruses, rootkits, worms and spyware” as per the the company’s own description.

As it turns out though, the protective software was riddled with kinks that made users susceptible to hackings. According to the security researchers, the bug allowed attackers to remotely access their device by exploiting outdated XML parsing libraries.

To be more specific, the risk came from the POCO XML parser library that included code from the Expat XML Parser, which suffered from a well-documented glitch that allowed attackers to run “arbitrary code execution via malformed XML content.”

This ultimately made it possible for hackers to intercept requests to the library and deliver malicious XML documents using a self-signed HTTPS certificate, granting the attackers root privileges to your Mac.

While the vulnerability report was originally filed back in November last year, Google gave ESET three months to sort out the issue before releasing the full bug documentation earlier this week on February 27.

ESET has since updated its antivirus app and fixed the issue. In case your Mac runs the affected version of the program, you can get the latest reiteration ( of the software here.

Read the full vulnerability disclosure on this page.

Remote Code Execution as Root via ESET Endpoint Antivirus 6 on SecLists

Read next: Prisma's new filter creator lets you copy any art style with AI