This event triggers the CVE-2016-0718 flaw that executes the malicious code with root privileges when esets_daemon parsed the XML content. ![]() Join our insightful webinar! Save My Seat! Zero Trust + Deception: Learn How to Outsmart Attackers!ĭiscover how Deception can detect advanced threats, stop lateral movement, and enhance your Zero Trust strategy. Now, when esets_daemon sent a request to during activation of the ESET Endpoint Antivirus product, an MITM attacker can intercept the request to deliver a malformed XML document using a self-signed HTTPS certificate. This POCO version is based on a version of the Expat XML parser library version 2.0.1 from 2007, which is affected by a publicly known XML parsing vulnerability ( CVE-2016-0718) that could allow an attacker to execute arbitrary code via malicious XML content. ![]() The service is statically linked with an outdated version of the POCO XML parser library, version 1.4.6p1 released in March 2013. The actual issue was related to a service named esets_daemon, which runs as root. As detailed in the full disclosure, all a hacker needs to get root-level remote code execution on a Mac computer is to intercept the ESET antivirus package's connection to its backend servers using a self-signed HTTPS certificate, put himself in as a man-in-the-middle (MITM) attacker, and exploit an XML library flaw.
0 Comments
Leave a Reply. |