[CA8151] Denial of service vulnerability in ESET products for macOS fixed

ESET Customer Advisory 2021-0013
October 20, 2021
Severity: Medium

Summary

ESET was made aware of a vulnerability in its consumer and business products for macOS that enables a user logged on to the system to stop the ESET daemon, effectively disabling the protection of the ESET security product until a system reboot. ESET prepared and released fixed products for its users to download and install.

Details

On September 1, 2021, ESET received a report stating that a machine with an affected ESET product installed, it was possible for an attacker to stop the ESET daemon by sending multiple restart commands from a modified ESET GUI.

Stopping the ESET daemon disables the protection features offered by ESET security applications until a restart of the system.

ESET has implemented additional verification measures that disable this possible attack vector and has prepared new builds of its products that are no longer susceptible to this vulnerability.

The reserved CVE ID for this vulnerability is CVE-2021-37850 with the following CVSS v3 vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H.

To our best knowledge, there are no existing exploits that take advantage of this vulnerability in the wild.

Solution

ESET prepared fixed builds of its consumer and business products for macOS in less than 90 days, which is the window of time defined by the responsible disclosure process for issuing a patch. We recommend that users download these builds from the Download section of www.eset.com and install them.

This issue is resolved in the following builds:

  • ESET Cyber Security and ESET Cyber Security Pro 6.11.2.0 and later (released on October 7, 2021)
  • ESET Endpoint Antivirus for macOS and ESET Endpoint Security for macOS 6.11.1.0 and later (released on October 6, 2021)

Affected programs and versions

  • ESET Cyber Security and ESET Cyber Security Pro 6.10.700 and earlier
  • ESET Endpoint Antivirus for macOS and ESET Endpoint Security for macOS 6.10.910.0 and earlier

Feedback & Support

If you have feedback or questions about this issue, contact us using the ESET Security Forum, or via local ESET Technical Support.

Acknowledgment

ESET values the principles of responsible disclosure within the security industry and would like to express our thanks to Teiei Shu (廷叡 周) who reported this issue.

Version log

Version 1.0 (October 20, 2021): Initial version of this document