Flaw resides in license verification daemon This Expat flaw trickled down to the ESET Mac antivirus, where developers had used POCO to parse XML content streams. Recently, security researchers became aware of a vulnerability (CVE-2016-0718) in the Expat library that allowed for remote code execution via malformed XML content. Geffner says vulnerable versions of the ESET Mac antivirus used the POCO XML parser library version 1.4.6p1 from, which in turn was forked from Expat XML parser library version 2.0.1 from. ESET Mac antivirus used vulnerable XML parsing library The issue, discovered by Google security researcher Jason Geffner, was caused by the usage of an old library inside ESET's antivirus source code. Mac users utilizing ESET's endpoint antivirus are advised to update to version 6.4.168.0 as soon as possible in order to mitigate a serious issue that allows attackers to execute arbitrary code on their machines.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |