ESET was made aware of a vulnerability in its consumer and business products for macOS that enables a user logged on to the system to stop the ESET daemon, effectively disabling the protection of the ESET security product until a system reboot. ESET prepared and released fixed products for its users to download and install.
On September 1, 2021, ESET received a report stating that a machine with an affected ESET product installed, it was possible for an attacker to stop the ESET daemon by sending multiple restart commands from a modified ESET GUI.
Stopping the ESET daemon disables the protection features offered by ESET security applications until a restart of the system.
ESET has implemented additional verification measures that disable this possible attack vector and has prepared new builds of its products that are no longer susceptible to this vulnerability.
The reserved CVE ID for this vulnerability is CVE-2021-37850 with the following CVSS v3 vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H.
To our best knowledge, there are no existing exploits that take advantage of this vulnerability in the wild.
ESET prepared fixed builds of its consumer and business products for macOS in less than 90 days, which is the window of time defined by the responsible disclosure process for issuing a patch. We recommend that users download these builds from the Download section of www.eset.com and install them.
This issue is resolved in the following builds:
ESET values the principles of responsible disclosure within the security industry and would like to express our thanks to Teiei Shu (廷叡 周) who reported this issue.
Version 1.0 (October 20, 2021): Initial version of this document