McAfee Inc. has repaired a flaw in its antivirus program for Mac OS X machines that attackers could exploit to...
By submitting your email address, you agree to receive emails regarding relevant topic offers from TechTarget and its partners. You can withdraw your consent at any time. Contact TechTarget at 275 Grove Street, Newton, MA.
bypass the malware scanner and gain elevated system privileges.
An issue exists with the default permissions and validation of specific files belonging to McAfee Virex 7.7 that may allow for local authenticated command execution, the Santa Clara, Calif.-based antivirus vendor said in an
"The vulnerability is caused due to /Library/Application Support/Virex/VShieldExclude.txt having insecure permissions and being created insecurely," Danish vulnerability clearinghouse Secunia said in an advisory. "This can be exploited to create arbitrary files with escalated privileges via symlink attacks."
McAfee recommends that users apply the patch, which has been pushed to all its live update servers.