SecureMac Issues Critical Security Advisory for MacKeeper Users

LOS ANGELES — Apple Macintosh and Mac OS X security specialists SecureMac, has issued a critical security advisory for users of the OS X utility program MacKeeper.

According to SecureMac, a flaw in MacKeeper’s URL handler implementation allows arbitrary remote code execution when a user visits a specially crafted webpage. MacKeeper was originally created by Ukrainian company ZeoBIT, and is now distributed by Kromtech Alliance Corp.

Security researcher Braden Thomas discovered the flaw, caused by MacKeeper’s lack of input validation when executing commands using its custom URL scheme, enabling commands to be run as “root” with little to no user interaction required.

Thomas published a proof-of-concept (POC) that demonstrates how using Safari to visit a specially coded webpage causes the affected system to execute various commands, which in the case of the POC, will uninstall MacKeeper.

SecureMac notes that while the POC is relatively benign, the source code provided with it could easily be modified to perform malicious attacks.

“If MacKeeper has already prompted the user for their password during the normal course of the program’s operation, the user will not be prompted for their password prior to the arbitrary command being executed as root,” explains a SecureMac spokesperson. “If the user hasn’t previously authenticated, they will be prompted to enter their username and password — however, the text that appears for the authentication dialog can be manipulated as part of the exploit and set to anything, so the user might not realize the consequences of this action.”

As with other operating systems, Apple allows OS X and iOS apps to define custom URL schemes and register them with the operating system so that other programs know which app should handle the custom URL scheme.

“Normally, this is used to define a custom communication protocol for sending data or performing a specific action (for example, clicking a telephone number link in iOS will ask if the user wants to dial that number, or clicking an email address link in OS X will open Mail.app and compose a new message to that person),” the spokesperson adds. “Apple’s inter-application programming guide explicitly tells developers to validate the input received from these custom URLs in order to avoid problems related to URL handling. Additionally, Apple has provided information on the importance of input validation in their Secure Coding Guide.”

It appears that these security guidelines were ignored.

According to MacKeeper, its software has surpassed 20 million downloads worldwide, but despite this popularity, reports from users have cited its numerous pop-ups and advertisements as major negatives, and it remains to be seen how this latest revelation will affect its users.

A workaround is available for MacKeeper users until this vulnerability in the program is fixed: On OS X, clicking a link in Safari that uses a custom URL scheme will automatically open the program that is registered to handle that type of URL. Other browsers, such as Google’s Chrome, will ask the user for permission before opening a link that uses an external protocol. Non-technical users could use a web browser other than Safari, in order to see an alert before a link could cause an arbitrary command to be executed, while more technical users could remove the custom URL scheme handler from MacKeeper’s Info.plist file.

For more information, visit SecureMac.com.

Related:  

Copyright © 2024 Adnet Media. All Rights Reserved. XBIZ is a trademark of Adnet Media.
Reproduction in whole or in part in any form or medium without express written permission is prohibited.

More News

Nebraska Legislature Passes Republican's Age Verification Bill With No Votes Against It

Nebraska’s unicameral legislature has passed the state’s version of the age verification bills being sponsored around the country by anti-porn religious conservative activists.

Performers in Meta Blacklisting Lawsuit Seek to Preserve Antitrust Claims

Adult Performance Artists Guild board officers Alana Evans, Kelly Pierce and Ruby have informed a California court that, although they want to drop their lawsuit claiming that Meta conspired with OnlyFans to blacklist rival premium fan platforms’ talent, they may still have antitrust claims that they may pursue in the future.

FSC, Co-Plaintiffs to Ask US Supreme Court to Review Constitutionality of Texas Age Verification Law

Free Speech Coalition (FSC) and its co-plaintiffs in the challenge to Texas’ controversial age verification law have filed a petition before the United States Court of Appeals for the 5th Circuit asking to stay its recent upholding the law because they intend to appeal to the U.S. Supreme Court to review the law’s constitutionality.

FSC Vows to Fight Florida Age Verification Law

Free Speech Coalition (FSC) issued a statement vowing to continue fighting Florida’s age verification law, which was signed by Gov. Ron DeSantis on Monday as part of a comprehensive bill targeting minors’ use of social media.

Kansas Republican Aims to Create New Bureaucracy to 'Investigate' Porn Websites

Republican state legislators succeeded Monday in moving forward Kansas’ version of the age verification bills being sponsored around the country by anti-porn religious conservative activists, despite serious concerns raised by House Democrats about the cost of establishing a new bureaucracy tasked with investigating websites for pornographic content.

SK Intertainment Launches 'Skinfluential Management' Agency, FansFuel Joint Venture

Mr. Skin/Mr. Man parent company SK Intertainment has launched new creator agency Skinfluential Management, as well as a new joint venture with Showbizz Media's creator stats and affiliate marketing platform, FansFuel.

Industry Attorney, Free Speech Champion Clyde DeWitt Passes Away at 75

Noted industry attorney Clyde DeWitt passed away on Friday in Las Vegas at 75, according to friends and colleagues.

APClips Names Avery Jane 'Creator of the Month'

APClips has named Avery Jane its Creator of the Month for March.

JustFor.fans Offers Gumroad Users Platform to Sell NSFW Artwork

JustFor.fans (JFF) is offering Gumroad users a platform to sell NSFW artwork after the latter banned adult content.

Live Cam Academy Offers Free Access to Educational Resources

Live Cam Academy is offering its educational resources for free to content creators and cam models.

Show More