1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Controversial MacKeeper security program opens critical hole on Mac computers

Discussion in 'Network World' started by RSS, May 11, 2015.

  1. RSS

    RSS New Member Member

    A critical vulnerability in MacKeeper, a controversial security program for Mac computers, could let attackers execute malicious commands on Macs when their owners visit specially crafted Web pages.

    MacKeeper’s developers acknowledged the recently discovered problem and released a fix for it Friday, saying in a blog post that users should run MacKeeper Update Tracker and install version 3.4.1 or later.

    MacKeeper registers itself as the handler for a custom URL scheme, allowing websites to automatically call the application through the browser.

    Researcher Braden Thomas found an issue in the program’s validation of such URLs that makes it possible for attackers to execute arbitrary commands with root privilege when MacKeeper users visit a specially crafted website in Safari. As a proof of concept, he posted a link on Twitter that automatically executes a command to remove MacKeeper when clicked.

    To read this article in full or to leave a comment, please click here

    Continue reading...
     

Share This Page