WARNING: PRIVILEGE ESCALATION VULNERABILITY AFFECTING ESET MAC-OS, PATCH IMMEDIATELY!

Published : 25/09/2024

Reference:
Advisory #2024-229

Version:
1.0

Affected software:
ESET Cyber Security 7.0 - 7.4.1600.0
ESET Endpoint Antivirus for macOS 7.0 - 7.5.50.0

Type:
(Local) Privilege Escalation

CVE/CVSS:
CVE-2024-6654
CVSS 6.8 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:N)

Sources

Risks

On 20 September 2024, ESET released an advisory about a privilege escalation vulnerability in ESET Cyber Security and ESET Endpoint Antivirus for macOS. This vulnerability would allow an attacker to perform a Denial-of-Service attack.

ESET Cyber Security and ESET Endpoint Antivirus are consumer and business products for macOS.

As of this date, ESET is not aware that this vulnerability is actively exploited (cut-off date: 25 September 2025).

A threat actor logged on to the system can exploit this vulnerability to perform a denial-of-service attack, which could be misused to disable the protection of the ESET security product and cause general system slow-down.

Description

CVE-2024-6654 is a privilege escalation vulnerability that could allow a low-privileged user to plant a symlink in a specific location, preventing the company’s security tools from running properly.

Recommended Actions

Patch

ESET reported that the vulnerability is fixed with:

  • ESET Cyber Security 7.5.74.0 and later
  • ESET Endpoint Security for macOS 8.0.7200.0

Please note that as of version 8 there is a single product for ESET’s business customers on the macOS platform, named ESET Endpoint Security for macOS. Users upgrading from ESET Endpoint Antivirus for macOS will need to allow Full Disk Access for the ESET security product to work properly.

The Centre for Cybersecurity Belgium strongly recommends installing updates for vulnerable devices with the highest priority, after thorough testing.
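
To help prioritise patching, the affected and fixed version ranges listed above can be checked against a software inventory. The following is an added example, not code from the CCB or ESET: it assumes the inventory already supplies product names and dotted version strings, and it assumes that builds of ESET Endpoint Security for macOS later than 8.0.7200.0 are also fixed. Versions that fall outside the ranges stated in this advisory are reported as undetermined rather than guessed.

```python
# Added example (not CCB or ESET code): triage inventoried versions against this advisory.
# Ranges are copied from the advisory; "and later" for Endpoint Security is an assumption.
AFFECTED = {
    "ESET Cyber Security": ((7, 0, 0, 0), (7, 4, 1600, 0)),
    "ESET Endpoint Antivirus for macOS": ((7, 0, 0, 0), (7, 5, 50, 0)),
}
FIXED_FROM = {
    "ESET Cyber Security": (7, 5, 74, 0),
    "ESET Endpoint Security for macOS": (8, 0, 7200, 0),
}


def parse_version(text):
    """Turn '7.4.1600.0' into a 4-tuple of ints, padding short versions with zeros."""
    parts = text.strip().split(".")
    if not all(p.isdigit() for p in parts):
        raise ValueError(f"not a dotted numeric version: {text!r}")
    nums = tuple(int(p) for p in parts)
    return nums + (0,) * (4 - len(nums))


def classify(product, version):
    """Return 'affected', 'fixed', or 'undetermined' (outside what the advisory lists)."""
    try:
        v = parse_version(version)
    except ValueError:
        return "undetermined"
    low_high = AFFECTED.get(product)
    if low_high and low_high[0] <= v <= low_high[1]:
        return "affected"
    fixed = FIXED_FROM.get(product)
    if fixed and v >= fixed:
        return "fixed"
    return "undetermined"


def triage(inventory):
    """Group (host, product, version) rows by status so affected hosts are patched first."""
    report = {"affected": [], "fixed": [], "undetermined": []}
    for host, product, version in inventory:
        report[classify(product, version)].append(host)
    return report


if __name__ == "__main__":
    # Constructed inventory rows; host names and versions are made up for illustration.
    rows = [("mac-01", "ESET Cyber Security", "7.4.1600.0"),
            ("mac-02", "ESET Endpoint Security for macOS", "8.0.7200.0"),
            ("mac-03", "ESET Cyber Security", "7.5.10.0")]
    print(triage(rows))
```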

Monitor/Detect

The CCB recommends that organizations upscale their monitoring and detection capabilities to identify any related suspicious activity, ensuring a swift response in case of an intrusion.

In case of an intrusion, you can report an incident via: https://ccb.belgium.be/cert/report-incident

While patching appliances or software to the newest version may provide safety from future exploitation, it does not remediate historic compromise.

References