Security Advisories

FSC-2012-2: MAC OS X FIREWALL LOCAL AUTHENTICATION BYPASS

Description

Under certain circumstances, the Anti-Virus for Mac, Safe Anywhere for Mac and Protection Service for Business (PSB) Workstation Security for Mac products may be used to disable the Mac OS X firewall without the user's knowledge or consent, regardless of their authentication level. No notification is displayed to the end user once the firewall is disabled.
 

Risk Level: LOW (Low/Medium/High/Critical)

Affected Products

  • Anti-Virus for Mac
  • Safe Anywhere for Mac
  • PSB Workstation Security for Mac

 

Platforms

  • Mac OS X 10.6 - 10.8

 

Notes

For these products, all builds prior to 11500 are affected by the vulnerability. To check the product's build number, either click on the Support Center in the product interface, or open the Mac's Terminal program and enter the command fsav --version. The recommended solution is to update the product to the latest build (see below).

Mitigating Factor

Exploiting the vulnerability requires the attack to be executed locally. No attacks have been reported in the wild.

 

Patch Available

Product | Versions | Download
Anti-Virus for Mac | All builds prior to 11500 | Update to build 11500. Automatic upgrades will be available for existing users.
Safe Anywhere for Mac | All builds prior to 11500 | Update to build 11500. Automatic upgrades will be available for existing users.
PSB Workstation Security for Mac | All builds prior to 11500 | Update to build 11500. Automatic upgrades will be available for existing users.

Credits

F-Secure Corporation wants to thank Juho Ranta, Henrik Kouri, Sami Piiroinen and Jani Manninen from Louhi Security for reporting the issue.

 

 

Date Issued: 2012-12-12
Last Updated: 2012-12-12
