Disclosed by security researchers at Trustwave SpiderLabs, the flaw has been called the Webroot SecureAnywhere vulnerability. The team describes it as a critical problem. At its core, the vulnerability lets an attacker execute arbitrary code at the kernel level in macOS.

Researchers at Trustwave SpiderLabs explain how the flaw in Webroot SecureAnywhere works: “A user-controllable pointer dereference exists in the kernel driver of the Webroot SecureAnywhere solution for macOS the root cause of which is an arbitrary user-supplied pointer being read from and potentially written to.

“As such, the issue arms an attacker with a write-what-where kernel gadget with the caveat that the original value of the memory referenced by the pointer must be equal to (int) -1.”

We have heard about kernel-level flaws before, most notably with Meltdown and Spectre. While those notorious vulnerabilities affected most Intel-based PCs and some machines from other CPU vendors, this one is more limited. It has been observed purely on Apple Mac devices and, importantly, can only be exploited locally. This means a bad actor would need direct access to a Mac to run the malicious code.
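The bug class Trustwave describes, a handler that dereferences a pointer taken from caller-supplied input and writes through it only when the target holds (int) -1, can be modelled in user space next to a hardened form. This is an added example, not Webroot's driver code; the `request` layout, the slot table and all function names are assumptions made for illustration.

```c
#include <stdint.h>
#include <stddef.h>

/* Constructed request layout; NOT Webroot's real driver interface. */
struct request {
    uintptr_t target;  /* caller-supplied: raw address (unsafe) or slot index (safe) */
    int32_t   value;   /* caller-supplied value to store */
};

#define SLOT_COUNT 4
#define SLOT_FREE  ((int32_t)-1)

/* Memory the modelled driver owns; the only place a request should write. */
static int32_t driver_slots[SLOT_COUNT] = { SLOT_FREE, SLOT_FREE, 7, SLOT_FREE };

/* Stand-in for unrelated privileged state that happens to hold -1. */
static int32_t unrelated_state = -1;

/* Unsafe pattern: trusts the caller's address, so any int holding -1
 * anywhere in the address space can be overwritten. */
int handle_unsafe(const struct request *req)
{
    int32_t *p = (int32_t *)req->target;  /* user-controlled dereference */
    if (*p != SLOT_FREE)
        return -1;
    *p = req->value;
    return 0;
}

/* Hardened pattern: the caller names a slot, the driver computes the address. */
int handle_safe(const struct request *req)
{
    if (req->target >= SLOT_COUNT)        /* outside driver-owned memory */
        return -1;
    if (driver_slots[req->target] != SLOT_FREE)
        return -1;
    driver_slots[req->target] = req->value;
    return 0;
}

/* Same hostile request sent to both handlers (constructed input). */
int demo_safe_rejects(void)
{
    struct request r = { (uintptr_t)&unrelated_state, 1234 };
    return handle_safe(&r);               /* rejected, nothing written */
}

int demo_unsafe_corrupts(void)
{
    struct request r = { (uintptr_t)&unrelated_state, 1234 };
    handle_unsafe(&r);
    return unrelated_state;               /* state outside the table was changed */
}
```

In a real kernel driver the equivalent fix is to never use a user-supplied value as an address, and to copy user data in and out only through the kernel's checked copy routines.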
Patched
Trustwave SpiderLabs says it discovered the vulnerability on June 29, 2018, and informed Webroot of the problem. In response, the anti-virus company issued a patch on July 24. Webroot explained the patch: “The security of our customers is of paramount importance to Webroot. This vulnerability was remedied in software version 9.0.8.34 which has been available for our customers since July 24, 2018. We have no evidence of any compromises from this vulnerability.”