The service is statically linked with an old version of the POCO XML parsing library. The problem, according to the experts, was related to a service named esets_daemon that runs as root. The flaw affects ESET Endpoint Antivirus 6 for macOS and it has been patched on February 21 with the release of version 6.4.168.0. The security hole, tracked as CVE-2016-9892, was identified in early November 2016 by Jason Geffner and Jan Bee of the Google Security Team.
ESET has released an update that addresses the vulnerability. Google researchers discovered a critical flaw in ESET Endpoint Antivirus for macOS that could have been exploited by an unauthenticated attacker to remotely execute arbitrary code with root privileges.
0 kommentar(er)
