Kernel exploit discovered in macOS Webroot SecureAnywhere antivirus software

The severe memory corruption flaw permitted attackers to execute malware at the kernel level.
Written by Charlie Osborne, Contributing Writer

A severe vulnerability discovered in the Webroot SecureAnywhere antivirus software allows attacks to take place at the kernel level.

On Thursday, researchers from the Trustwave SpiderLabs team revealed the flaw, which impacts the macOS version of the software.

Webroot's SecureAnywhere solution is a paid endpoint protection program which offers "full-scale antivirus security at an affordable price."

The vulnerability, CVE-2018-16962, is a memory corruption bug which has been caused by an arbitrary user-supplied pointer which can be read from and "potentially written too," according to Trustwave.

If particular conditions in the memory function of SecureAnywhere are met, attackers are gifted with a write-what-where kernel opening, allowing them to execute arbitrary code in this core element.

See also: How to steal a Tesla Model S in seconds

The saving grace with this kernel-level attack is that threat actors need local access to exploit the security flaw.

If the vulnerability had permitted remote attacks, this would have been far more serious and would have given cyberattackers an almost limitless means to compromise the software.

TechRepublic: Apple macOS High Sierra: A cheat sheet

"While macOS is an important target for attackers, the installation base of Windows still outpaces Mac," the researchers say, "It's also local only, not remote, so an attacker needs to be logged into a vulnerable Mac or convince a logged-in user to open the exploit via social engineering."

Trustwave says that after reporting the issue, Webroot quickly resolved the vulnerability.

CNET: MacOS Mojave: Everything you need to know

It is recommended that macOS users of Webroot SecureAnywhere enable automatic updates to receive the security patch or manually upgrade to version

"The security of our customers is of paramount importance to Webroot," Chad Bacher, SVP of Product Strategy and Technology Alliances at Webroot told ZDNet. "This vulnerability was remedied in software version which has been available for our customers since July 24, 2018."

"For any user running a version of Mac not currently supported by Apple (OS 10.8 or lower), we recommend upgrading to an Apple-supported version to receive our updated agent and be in line with cybersecurity best practices on system patching," the executive added.

Webroot is not aware of any compromises due to this vulnerability.

How to discover and destroy spyware on your smartphone (in pictures)

Previous and related coverage

Editorial standards