MacKeeper 0-day flaw more than 20 million users affected

If you are a Mac user and do not use MacKeeper, you have probably seen it advertised in pop-under ads on spam or porn websites, along with its infamous “Leave Page/Stay on This Page” dialogue. It is no wonder it has been affected by a 0-day remote code execution flaw, considering what kind of ad campaigns they use for promotion…

MacKeeper 3.4.1 and earlier are affected. The way it handles custom URLs could allow hackers to run commands as the root user, with little user interaction required.

Security researcher Braden Thomas has published a proof of concept (PoC) and demonstrated how he executed arbitrary commands by visiting a crafted webpage in Safari. The command itself, executed through MacKeeper's custom URL, was designed to uninstall MacKeeper. If the user has already provided their password to MacKeeper anti-virus, the command will be run as root without any additional steps. If the user has not provided a password, they will be prompted to enter their credentials, which is a concern, as many users would provide their username and password without realising the consequences.

At this time the vulnerability has been patched and an update released; make sure to run MacKeeper Update and install the latest version (3.4.1 or later). So far it isn’t clear how big an impact the flaw had on its users. Kromtech, the European investment company that stands behind MacKeeper, has not confirmed and is not aware of any cyber breach exploiting this security flaw.
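Because the entry point here is a custom URL scheme that a web page can invoke, it is useful to know which installed apps register one. The following Python is an added example, not code from the original article or from MacKeeper: it reads the standard `CFBundleURLTypes` / `CFBundleURLSchemes` keys from each bundle's Info.plist. The sample plist, the `com.example.helper` identifier and the `examplehelper` scheme are constructed, and `/Applications` as the scan root is an assumption.

```python
from __future__ import annotations
import plistlib
from pathlib import Path

# Schemes every browser or the OS already handles; not interesting for this audit.
COMMON_SCHEMES = {"http", "https", "file", "ftp", "mailto"}


def url_schemes(info_plist: bytes) -> list[str]:
    """Return the custom URL schemes an Info.plist declares via CFBundleURLTypes."""
    info = plistlib.loads(info_plist)
    found: list[str] = []
    for url_type in info.get("CFBundleURLTypes", []):
        for scheme in url_type.get("CFBundleURLSchemes", []):
            scheme = str(scheme).lower()  # URL schemes are case-insensitive
            if scheme not in COMMON_SCHEMES and scheme not in found:
                found.append(scheme)
    return found


def audit_applications(root: str = "/Applications") -> dict[str, list[str]]:
    """Map each app bundle directly under `root` to the custom schemes it registers."""
    report: dict[str, list[str]] = {}
    for plist_path in sorted(Path(root).glob("*.app/Contents/Info.plist")):
        try:
            schemes = url_schemes(plist_path.read_bytes())
        except Exception:  # unreadable or malformed plist: skip this bundle
            continue
        if schemes:
            report[plist_path.parents[1].name] = schemes
    return report


# Constructed sample: Info.plist of a hypothetical app, not taken from MacKeeper.
SAMPLE_PLIST = plistlib.dumps({
    "CFBundleIdentifier": "com.example.helper",
    "CFBundleURLTypes": [
        {"CFBundleURLName": "Example Helper",
         "CFBundleURLSchemes": ["examplehelper", "HTTPS"]},
    ],
})

if __name__ == "__main__":
    print("sample:", url_schemes(SAMPLE_PLIST))
    for app, schemes in audit_applications().items():
        print(f"{app}: {', '.join(schemes)}")
```

Every scheme in the report is a handler that receives input chosen by whoever wrote the link, so apps on the list that also hold elevated privileges deserve the closest review.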

Risk: Critical (for OS X users using MacKeeper anti-virus)

Alternative to MacKeeper:

AVG – Antivirus (free) combined with Clean My Mac 3 (paid + free trial)

About nona (27 Articles)
Founder of The Hack Times, information gathering and cyber security specialist, always one step ahead. Open for communication.

4 Comments on MacKeeper 0-day flaw more than 20 million users affected

  1. Wait, people actually use MacKeeper? The damn thing installs various pop up ad services, force-sets your browser homepage to some sponsored page that they get money from when you visit, and other nasty things. If you have MacKeeper the first and only thing you should do is remove it, if you can, cause it tries pretty hard to hide itself and accompanying background services 😛
