Product Security

FSC-2012-2: Mac OS X Firewall Local Authentication Bypass

 

Brief Description

Under certain circumstances, the Anti-Virus for Mac, Safe Anywhere for Mac and Protection Service for Business (PSB) Workstation Security for Mac products may be used to disable the Mac OS X firewall without the user’s knowledge or consent, regardless of their authentication level. No notification is displayed to the end user once the firewall is disabled.

Affected Platforms

• Mac OS X 10.6 - 10.8

Risk Level: LOW (Low/Medium/High/Critical)

Products

• Anti-Virus for Mac
• Safe Anywhere for Mac
• PSB Workstation Security for Mac

Notes

For these products, all builds prior to 11500 are affected by the vulnerability. To check the product’s build number, either click on the Support Center in the product interface, or open the Mac's Terminal program and enter the command fsav --version. The recommended solution is to update the product to the latest build (see below).

Mitigating Factors

Exploiting the vulnerability requires the attack to be executed locally. No attacks have been reported in the wild.

Credit

F-Secure Corporation wants to thank Juho Ranta, Henrik Kouri, Sami Piiroinen and Jani Manninen from Louhi Security for reporting the issue.

Fix Available

Product | Versions | Download
Anti-Virus for Mac | All builds prior to 11500 | Update to build 11500. Automatic upgrades will be available for existing users.
Safe Anywhere for Mac | All builds prior to 11500 | Update to build 11500. Automatic upgrades will be available for existing users.
PSB Workstation Security for Mac | All builds prior to 11500 | Update to build 11500. Automatic upgrades will be available for existing users.

Date Issued: 2012-12-12
Last Updated: 2012-12-12
