Zero-Day Vulnerability Puts Millions Of MacKeeper Users At Risk

Mac users, are you still using MacKeeper? Mac experts say you should stay away from it. Here is why:

A newly discovered security vulnerability in MacKeeper (version 3.4 and earlier) enables remote code execution if a user visits a specially crafted web page. It is not the only reason to stay away from MacKeeper: the software also has a reputation for causing more problems than it might solve, for aggressive marketing tactics (pop-under ads), and for being difficult to remove.

ABOUT THE ZERO-DAY FLAW


The flaw, discovered by security researcher Braden Thomas, lies in MacKeeper's URL handler implementation and allows arbitrary remote code execution when a user visits a specially crafted webpage.

"If MacKeeper has already prompted the user for their password during the normal course of the program's operation, the user will not be prompted for their password prior to the arbitrary command being executed as root. If the user hasn't previously authenticated, they will be prompted to enter their username and password – however, the text that appears for the authentication dialog can be manipulated as part of the exploit and set to anything, so the user might not realize the consequences of this action. At this time it is not known if Mr. Thomas reached out to MacKeeper prior to publication of the vulnerability, but this is likely a zero-day exploit," the advisory reads.

A proof-of-concept (PoC) demonstrating how visiting a specially crafted webpage in Safari causes the affected system to execute arbitrary commands is here.

HOW TO PROTECT YOURSELF?


Uninstall it. If you really want to keep using MacKeeper, use a web browser other than Safari, so that you see an alert before a link can cause an arbitrary command to be executed.

Update: MacKeeper fixed the issue (version 3.4.1). Download the latest version from here.
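To check an installed copy against the versions named above, the following is an added example (not code from MacKeeper or from the advisory) that reads an application bundle's Info.plist, reports whether its version predates 3.4.1, and lists the URL schemes the bundle registers. The sample plist, the bundle identifier `com.example.cleaner` and the scheme `exampleapp` are constructed for illustration; on a real system you would pass the bytes of the app's `Contents/Info.plist`, a path the article does not give and which is assumed here.

```python
import plistlib
import re

FIXED_VERSION = (3, 4, 1)  # first fixed release, per the article's update note


def parse_version(text):
    """Turn '3.4' or '3.4.1 (1234)' into a tuple of ints; () if no version found."""
    match = re.match(r"\d+(?:\.\d+)*", text.strip())
    return tuple(int(p) for p in match.group(0).split(".")) if match else ()


def audit_bundle(info_plist_bytes):
    """Report version status and registered URL schemes from Info.plist bytes.

    plistlib.loads accepts both XML and binary plists.
    """
    info = plistlib.loads(info_plist_bytes)
    schemes = []
    # Each CFBundleURLTypes entry may declare several CFBundleURLSchemes.
    for url_type in info.get("CFBundleURLTypes", []):
        schemes.extend(url_type.get("CFBundleURLSchemes", []))
    version = parse_version(str(info.get("CFBundleShortVersionString", "")))
    return {
        "version": version,
        # None means the version could not be read, so no verdict is given.
        "needs_update": (version < FIXED_VERSION) if version else None,
        "url_schemes": schemes,
    }


def sample_plist(version):
    """Constructed Info.plist for demonstration; not taken from any real app."""
    return plistlib.dumps({
        "CFBundleIdentifier": "com.example.cleaner",      # hypothetical
        "CFBundleShortVersionString": version,
        "CFBundleURLTypes": [{"CFBundleURLSchemes": ["exampleapp"]}],  # hypothetical
    })


if __name__ == "__main__":
    for v in ("3.4", "3.4.1"):
        print(v, audit_bundle(sample_plist(v)))
```

Any scheme listed under `url_schemes` is one that a link in a web page can hand to the application, which is why the handler's input validation matters.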
