OS X Utility Software Patched

Wednesday, May 13, 2015 @ 03:05 PM gHale

MacKeeper, a utility software suite for OS X, patched a hole attackers could leverage to remotely execute arbitrary code.

Security researcher Braden Thomas discovered the vulnerability last week and published a proof-of-concept (PoC) to demonstrate his findings.


The flaw stems from the way MacKeeper handles its custom URL scheme, SecureMac said in an advisory. A remote attacker can exploit it to execute arbitrary code by using social engineering to trick the victim into visiting a specially crafted website that invokes that scheme.

If the user is already logged in when the malicious link is clicked, the attacker's code executes with root privileges. If not, the victim is prompted for a username and password, and entering them at that prompt completes the attack.

“This flaw appears to be caused by a lack of input validation by MacKeeper when executing commands using its custom URL scheme,” SecureMac’s advisory said. “Apple’s inter-application programming guide explicitly tells developers to validate the input received from these custom URLs in order to avoid problems related to URL handling. Additionally, Apple has provided information on the importance of input validation in their Secure Coding Guide,” SecureMac said.
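To make the pattern SecureMac describes concrete, the following is an added example, not MacKeeper's code and not its real URL scheme: a hypothetical OS X utility registers a `util://` scheme, and the first handler splices URL parameters straight into a command line for a privileged helper, while the second only accepts allowlisted actions and parameters and never lets the URL dictate a command. The scheme name, the `run` and `cleanup` actions, the parameter names, the helper path and the sample URLs are all assumptions constructed for this illustration.

```python
"""Custom URL scheme handling: the unvalidated pattern beside a validated one.

Added example, not MacKeeper's code. The "util" scheme, the "run" and
"cleanup" actions, the parameter names and the helper path are assumptions
invented for this illustration.
"""
from urllib.parse import parse_qs, urlsplit

SCHEME = "util"             # hypothetical scheme the app registers with Launch Services
HELPER = "/usr/bin/helper"  # hypothetical privileged helper tool

# Constructed sample URLs of the kind a crafted page could open via
# location.href or a link the victim is tricked into clicking.
BENIGN_URL = "util://cleanup?target=caches"
CRAFTED_RUN_URL = "util://run?cmd=id%3Bsh%20-c%20%27echo%20pwned%27"
CRAFTED_CLEANUP_URL = "util://cleanup?target=caches%3Bid"

# Allowlist for the hardened handler: only these targets, mapped to fixed paths.
ALLOWED_TARGETS = {"caches": "/Library/Caches", "logs": "/Library/Logs"}


def parse_custom_url(url):
    """Return (action, params) for a util:// URL; reject other schemes
    and duplicated query parameters outright."""
    parts = urlsplit(url)
    if parts.scheme != SCHEME:
        raise ValueError("unexpected scheme %r" % parts.scheme)
    query = parse_qs(parts.query, keep_blank_values=True)
    if any(len(values) != 1 for values in query.values()):
        raise ValueError("duplicated query parameter")
    return parts.netloc, {k: v[0] for k, v in query.items()}


def vulnerable_command_for(url):
    """The pattern the advisory describes: URL parameters are spliced into
    a command line for the privileged helper with no validation. Returns the
    shell string that would run (shown here, never executed)."""
    action, params = parse_custom_url(url)
    if action == "run":
        return HELPER + " " + params.get("cmd", "")             # attacker-chosen command
    if action == "cleanup":
        return HELPER + " cleanup " + params.get("target", "")  # metacharacters pass through
    return None


def hardened_command_for(url):
    """Allowlisted action, validated parameter, argv list (no shell parsing)."""
    action, params = parse_custom_url(url)
    if action == "cleanup":
        target = params.get("target")
        if set(params) != {"target"} or target not in ALLOWED_TARGETS:
            raise ValueError("invalid cleanup target %r" % target)
        # The URL only selects an allowlist key; the real path comes from the app.
        return [HELPER, "cleanup", ALLOWED_TARGETS[target]]
    # No web page has a legitimate reason to dictate a command, so there is
    # no "run" action at all; anything unknown is rejected.
    raise ValueError("unsupported action %r" % action)


def hardened_accepts(url):
    """True if the hardened handler would act on the URL."""
    try:
        hardened_command_for(url)
    except ValueError:
        return False
    return True


if __name__ == "__main__":
    for url in (BENIGN_URL, CRAFTED_RUN_URL, CRAFTED_CLEANUP_URL):
        print(url)
        print("  unvalidated ->", vulnerable_command_for(url))
        try:
            print("  hardened    ->", hardened_command_for(url))
        except ValueError as exc:
            print("  hardened    -> rejected:", exc)
```

On OS X any application that declares a scheme under `CFBundleURLTypes` in its Info.plist is launched by Launch Services when Safari or `open` encounters a matching URL, so the handler above runs on untrusted input by design; the only safe design treats the URL as a selector of pre-defined operations, validates every parameter against an allowlist, and passes an argument vector rather than a shell string to any privileged component.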

The vulnerability affects MacKeeper 3.4 and earlier and is fixed in version 3.4.1. MacKeeper advised users to update their installations as soon as possible. The developers said they patched the bug within hours of learning of it, and there is no evidence that the vulnerability has been exploited in the wild. MacKeeper credited SecureMac and Thomas for reporting the vulnerability.
