[CA8725] Denial-of-service vulnerability in ESET products for macOS fixed

ESET Customer Advisory 2024-0015
September 20, 2024
Severity: Medium

Summary

ESET was made aware of a vulnerability in its consumer and business products for macOS that enables a user logged on to the system to perform a denial-of-service attack, which could be misused to disable the protection of the ESET security product and cause general system slow-down. ESET prepared and released fixed products for its users to download and install.

Details

ESET received a report stating that on a machine with the affected ESET product installed, it was possible for a user with low privileges to plant a symlink to a specific location, preventing ESET security product from starting properly.

ESET fixed this possible attack vector and prepared new builds of its products that are no longer susceptible to this vulnerability.

The reserved CVE ID for this vulnerability is CVE-2024-6654, CVSS v4.0 base score is 6.8 with the following CVSS 4.0 vector: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N.

To the best of our knowledge, there are no existing exploits that take advantage of this vulnerability in the wild.

Solution

ESET prepared fixed builds of its consumer and business products and recommends upgrading to these or scheduling the upgrades in the near future. The easiest and recommended way to get the latest version is to use the Auto Update feature. The fixed builds are available in the Download section of www.eset.com or via ESET Repository as well.

This issue is resolved in the following builds:

  • ESET Cyber Security 7.5.74.0 and later
  • ESET Endpoint Security for macOS 8.0.7200.0

Note that as of version 8 there is a single product for ESET’s business customers on the macOS platform, named ESET Endpoint Security for macOS. Users of ESET Endpoint Antivirus for macOS can upgrade to it with their current subscription. The product’s feature-based licensing will take care of enabling the respective features, based on the subscription used for activation. Users upgrading from ESET Endpoint Antivirus for macOS will need to allow Full Disk Access for the ESET security product to work properly. An article describing the process is available in the ESET Knowledgebase.


Affected programs and versions

  • ESET Cyber Security 7.0 - 7.4.1600.0
  • ESET Endpoint Antivirus for macOS 7.0 - 7.5.50.0

Feedback & Support

If you have feedback or questions about this issue, contact us via the ESET Security Forum or local ESET Technical Support.


Acknowledgment

ESET values the principles of responsible disclosure within the security industry and would like to express our thanks to the undisclosed reporter.


Version log

Version 1.1 (September 27, 2024): Edited title of article
Version 1.0 (September 20, 2024): Initial version of this document