The severe memory corruption flaw permitted attackers to execute malware at the kernel level.
Full Story: https://www.zdnet.com/article/code-execution-bug-discovered-in-macos-webroot-secureanywhere-antivirus-software/
https://twitter.com/CVEnew/status/1039978374482014210
Kernel exploit discovered in macOS Webroot SecureAnywhere antivirus software
+63Daniel - Microsoft MVP Consumer Security (2012-2016) Windows 10 Pro x64 for Workstations 22H2 on my Alienware 17R2 and Windows 11 Pro x64 for Workstations on my Alienware 17R5 Laptops with Webroot SecureAnywhere Complete Beta Tester for PC & Android Samsung Galaxy A16 5G OS 16.
I hope Webroots on it and getting it fixed ASAP!
Late 2015 ~ 5K ~ 27 inch iMac ~ macOS Catalina 10.15.7 ~ Clone & Backup with: SuperDuper - Time Machine & iCloud. PWM: RoboForm. 👁¿👁 Spam Annihilater 👁¿👁
+63Daniel - Microsoft MVP Consumer Security (2012-2016) Windows 10 Pro x64 for Workstations 22H2 on my Alienware 17R2 and Windows 11 Pro x64 for Workstations on my Alienware 17R5 Laptops with Webroot SecureAnywhere Complete Beta Tester for PC & Android Samsung Galaxy A16 5G OS 16.
+63It's been Fixed since July 24th, 2018 so this article is a little late in reporting.
Mac Version 9.0.8.34 (Released July 24th, 2018)
Mac Version 9.0.8.34 (Released July 24th, 2018)
Fixed
See here: http://answers.webroot.com/Webroot/ukp.aspx?pid=10&app=vw&vw=1&login=1&json=1&solutionid=2022
Mac Version 9.0.8.34 (Released July 24th, 2018)
Mac Version 9.0.8.34 (Released July 24th, 2018)
Fixed
- MAC Vulnerability by hardening driver access to processes without root privileges.
See here: http://answers.webroot.com/Webroot/ukp.aspx?pid=10&app=vw&vw=1&login=1&json=1&solutionid=2022
Daniel - Microsoft MVP Consumer Security (2012-2016) Windows 10 Pro x64 for Workstations 22H2 on my Alienware 17R2 and Windows 11 Pro x64 for Workstations on my Alienware 17R5 Laptops with Webroot SecureAnywhere Complete Beta Tester for PC & Android Samsung Galaxy A16 5G OS 16.
@ wrote:
It's been Fixed since July 24th, 2018 so this article is a little late in reporting.
Mac Version 9.0.8.34 (Released July 24th, 2018)
Mac Version 9.0.8.34 (Released July 24th, 2018)
Fixed
- MAC Vulnerability by hardening driver access to processes without root privileges.
See here: http://answers.webroot.com/Webroot/ukp.aspx?pid=10&app=vw&vw=1&login=1&json=1&solutionid=2022
Late 2015 ~ 5K ~ 27 inch iMac ~ macOS Catalina 10.15.7 ~ Clone & Backup with: SuperDuper - Time Machine & iCloud. PWM: RoboForm. 👁¿👁 Spam Annihilater 👁¿👁
Yes, that was the bit that impressed me:@ wrote:
It's been Fixed since July 24th, 2018.
"Trustwave says that after reporting the issue, Webroot quickly resolved the vulnerability"
Just what you would expect from a reputable AV company :D
+62Hi Webrooters!
This stinks! Makes you wonder now if Webroot can protect the Mac after seeing this vulnerability happen. 😢
This stinks! Makes you wonder now if Webroot can protect the Mac after seeing this vulnerability happen. 😢
IMac 2021 27 in i5 Retina 5, iMac OS Sequoia (15.7.2), Security: iPads, ALIENWARE 15 R6, W11 Microsoft Windows Workstation, x64, Webroot® SecureAnywhere™ Internet Security Complete, Android Samsung Galaxy Ultra Note 23, Webroot Beta Tester
+63It has been fixed since July 24th https://community.webroot.com/t5/Webroot-in-the-News/Kernel-exploit-discovered-in-macOS-Webroot-SecureAnywhere/m-p/328988#M16 so the Article is quite late in it's reporting in the link in the first post!@ wrote:
Hi Webrooters!
This stinks! Makes you wonder now if Webroot can protect the Mac after seeing this vulnerability happen. ;(
Daniel - Microsoft MVP Consumer Security (2012-2016) Windows 10 Pro x64 for Workstations 22H2 on my Alienware 17R2 and Windows 11 Pro x64 for Workstations on my Alienware 17R5 Laptops with Webroot SecureAnywhere Complete Beta Tester for PC & Android Samsung Galaxy A16 5G OS 16.
+62Thank you Daniel! I thought I read that this vulnerability was fixed in July.@ wrote:
It has been fixed since July 24th https://community.webroot.com/t5/Webroot-in-the-News/Kernel-exploit-discovered-in-macOS-Webroot-SecureAnywhere/m-p/328988#M16 so the Article is quite late in it's reporting in the link in the first post!@ wrote:
Hi Webrooters!
This stinks! Makes you wonder now if Webroot can protect the Mac after seeing this vulnerability happen. ;(
IMac 2021 27 in i5 Retina 5, iMac OS Sequoia (15.7.2), Security: iPads, ALIENWARE 15 R6, W11 Microsoft Windows Workstation, x64, Webroot® SecureAnywhere™ Internet Security Complete, Android Samsung Galaxy Ultra Note 23, Webroot Beta Tester
+63I don't know why ZDNet would post that article today if it happened a couple of months ago??? It's Stupid IMO like old news. :@@ wrote:
Thank you Daniel! I thought I read that this vulnerability was fixed in July.@ wrote:
It has been fixed since July 24th https://community.webroot.com/t5/Webroot-in-the-News/Kernel-exploit-discovered-in-macOS-Webroot-SecureAnywhere/m-p/328988#M16 so the Article is quite late in it's reporting in the link in the first post!@ wrote:
Hi Webrooters!
This stinks! Makes you wonder now if Webroot can protect the Mac after seeing this vulnerability happen. ;(
By Charlie Osborne for Zero Day | September 13, 2018 -- 12:00 GMT (05:00 PDT) | Topic: Security
Daniel - Microsoft MVP Consumer Security (2012-2016) Windows 10 Pro x64 for Workstations 22H2 on my Alienware 17R2 and Windows 11 Pro x64 for Workstations on my Alienware 17R5 Laptops with Webroot SecureAnywhere Complete Beta Tester for PC & Android Samsung Galaxy A16 5G OS 16.
+62Beats me Daniel. It got me nervous and jerky for awhile. I checked my Mac and I'm running 10.11 OS . Which is a good thing. I'm also not able to update, upgrade any further past that.@ wrote:
I don't know why ZDNet would post that article today if it happened a couple of months ago??? It's Stupid IMO like old news.@ wrote:
Thank you Daniel! I thought I read that this vulnerability was fixed in July.@ wrote:
It has been fixed since July 24th https://community.webroot.com/t5/Webroot-in-the-News/Kernel-exploit-discovered-in-macOS-Webroot-SecureAnywhere/m-p/328988#M16 so the Article is quite late in it's reporting in the link in the first post!@ wrote:
Hi Webrooters!
This stinks! Makes you wonder now if Webroot can protect the Mac after seeing this vulnerability happen. ;(
By Charlie Osborne for Zero Day | September 13, 2018 -- 12:00 GMT (05:00 PDT) | Topic: Security
IMac 2021 27 in i5 Retina 5, iMac OS Sequoia (15.7.2), Security: iPads, ALIENWARE 15 R6, W11 Microsoft Windows Workstation, x64, Webroot® SecureAnywhere™ Internet Security Complete, Android Samsung Galaxy Ultra Note 23, Webroot Beta Tester
Because Trustwave only publically revealed their discovery of the security flaw today, as stated at the beginning of the article:@ wrote:I don't know why ZDNet would post that article today if it happened a couple of months ago???
On Thursday, researchers from the Trustwave SpiderLabs team revealed the flaw, which impacts the macOS version of the software.
Also, see the Trustwave blog post they link to:
CVE-2018-16962: Webroot SecureAnywhere macOS Kernel Level Memory Corruption
September 13, 2018 Neil Kettle Comments (0)Trustwave recently discovered a locally exploitable issue in the macOS version of the Webroot SecureAnywhere solution. The issues root cause is an arbitrary user-supplied pointer being read from and potentially written too. As such, the issue arms an attacker with...
Read More
Admittedly, the article is a bit misleading at the beginning (the news media are by their very nature as commercial organisations trying to attract attention to their articles with catchy headlines and introductions), but if you read it to the end it becomes clear.
Login to the community
No account yet? Create an account
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.