I have long advised against using MacKeeper for a variety of reasons (some of which can be found in Ongoing MacKeeper fraud). However, now there’s a new reason to avoid MacKeeper: it has been found to contain a serious vulnerability that can lead to remote code execution through the use of a malicious URL.

In non-tech-speak, a hacker can create a link that will, if clicked, result in MacKeeper executing code embedded within the link! Such code could do things like wiping your hard drive clean, uploading data to a remote server, or downloading and installing malware.

This is a very serious issue, and now that a proof-of-concept has been published, users of MacKeeper are at high risk of attack. No malicious MacKeeper URLs have yet been spotted in the wild, but hackers have the blueprints now, so it’s undoubtedly just a matter of time.

The attack is quite simple, unfortunately. Take a look at the proof-of-concept (PoC) URL released by Braden Thomas:

com-zeobit-command:///i/ZBAppController/performActionWithHelperTask:

This PoC will execute the following command:

rm -rf /Applications/MacKeeper.app
pkill -9 -a MacKeeper

One may wonder who in their right minds would click on a link looking like that. In Thomas’ tweet containing the PoC, this URL was hidden behind a shortened URL.
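Because the PoC link was hidden behind a shortened URL, one defensive check is to look at where short links actually redirect. The Python below is an added example, not code from the original post or from the PoC: it scans a constructed log of short-URL redirect targets and flags any that point at MacKeeper's com-zeobit-command scheme or at another non-web scheme. The log format, the short.example hosts, the PLACEHOLDER payloads and the reading of the path as /i/<class>/<selector>: are assumptions inferred from the shape of the PoC URL.

```python
import re
from urllib.parse import urlsplit

MACKEEPER_SCHEME = "com-zeobit-command"   # scheme of the PoC URL on this page
EXPECTED_SCHEMES = {"http", "https"}      # assumption: what a shortener should redirect to

# Constructed sample log ("short URL -> redirect target"); payloads are placeholders.
SAMPLE_LOG = """\
https://short.example/a1 -> https://www.example.com/article
https://short.example/b2 -> com-zeobit-command:///i/ZBAppController/performActionWithHelperTask:PLACEHOLDER
https://short.example/c3 -> HTTPS://example.org/
https://short.example/d4 -> Com-Zeobit-Command:///i/SomeClass/someSelector:PLACEHOLDER
https://short.example/e5 -> otherapp://open?x=1
"""

LINE_RE = re.compile(r"^(?P<short>\S+)\s+->\s+(?P<target>\S+)$")


def classify(target):
    """Return (verdict, detail) for one redirect target."""
    parts = urlsplit(target)
    scheme = parts.scheme.lower()  # URL schemes are case-insensitive
    if scheme in EXPECTED_SCHEMES:
        return "ok", scheme
    if scheme == MACKEEPER_SCHEME:
        # Assumed path shape, inferred from the PoC: /i/<class>/<selector>:<payload>
        segs = parts.path.split("/")
        if len(segs) >= 4 and segs[1] == "i":
            selector = segs[3].split(":", 1)[0] + ":"
            return "mackeeper-handler", f"{segs[2]} {selector}"
        return "mackeeper-handler", "unrecognised path"
    return "unexpected-scheme", scheme or "(none)"


def scan(log_text):
    """Return (short_url, verdict, detail) for every redirect that is not plain web."""
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m is None:
            continue  # not a redirect record
        verdict, detail = classify(m["target"])
        if verdict != "ok":
            findings.append((m["short"], verdict, detail))
    return findings


if __name__ == "__main__":
    for short, verdict, detail in scan(SAMPLE_LOG):
        print(f"{verdict:18} {short}  ({detail})")
```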