Technical details are unknown but a public exploit is available. Successful exploitation requires user interaction by the victim. No form of authentication is required for a successful exploitation. This vulnerability was named CVE-2016-9892 since. The public release was coordinated with the vendor. The weakness was released by Jason Geffner and Jan Bee with Google as CVE-2016-9892 - Remote Code Execution as Root via ESET Endpoint Antivirus 6 as confirmed mailinglist post (Full-Disclosure). As an impact it is known to affect confidentiality, integrity, and availability. The CWE definition for the vulnerability is CWE-295. The manipulation with an unknown input leads to a weak authentication vulnerability. This vulnerability affects an unknown functionality of the component esets_daemon. A high score indicates an elevated risk to be targeted for this vulnerability.Ī vulnerability classified as critical was found in ESET Endpoint Antivirus 6 on macOS ( Anti-Malware Software). The CTI Interest Score identifies the interest of attackers and the security community for this specific vulnerability in real-time. Our Cyber Threat Intelligence team is monitoring different web sites, mailing lists, exploit markets and social media networks.
