Researcher: MacKeeper software has critical security flaw
MacNN Staff
Join Date: Jul 2012
Controversial software package MacKeeper -- long a sore spot with veteran users due to its aggressive and fear-based advertising, reputation for causing more problems than it might solve, and deliberate difficulty and obfuscation when users want to remove it -- has often been labelled junkware, extortionware, trickware, or even a form of malware in its own right, despite the company's protestations. A security researcher has now found, however, that the program contains a critical security flaw that leaves users vulnerable to attack. Earlier as well as the current versions of the software, now at v3.4, have a flaw caused by MacKeeper's ignoring of an Apple guideline regarding input validation for custom URLs -- the same technology that allows Mac and iOS users to tap on a phone number or date to launch a given application, or to create non-standard URLs such as direct iTunes links. Apple cautions developers that they must use input validation to be sure that the chosen URL is legit and not a specially-crafted malicious site, but MacKeeper's developers apparently disregarded that, creating a zero-day exploit that could wreak havoc if users accidentally click on a malicious URL.
Because MacKeeper, among other functions, sets itself up as a "security" package, it overrides normal controls and implements its own URL handler. As a result of the flaw, arbitrary code or commands could be executed with root privileges, opening the door to installing malware or essentially anything the attacker wished. Security researcher Braden Thomas, who discovered the flaw, has posted an amusing proof-of-concept that demonstrates how a crafted URL could take control of a user's Mac without user interaction -- by creating a website which, if visited, will remotely uninstall MacKeeper.
It's not known if Thomas has notified the MacKeeper developers, ZeoBit, or its distributors Kromtech Alliance of the problem. ZeoBit claims that the software has been downloaded some 20 million times, though many of its ads trick users into unwillingly downloading the software in the hopes of being able to close the pop-up, which often blocks the main screen. How many paid users of the software there are is not known, but the software promises to remove "junk" and other items to "clean up" a user's Mac.
An investigation of the software by Mac-Forums found that it did do some of the advertised functions, but that everything the program did that was beneficial could also be done by a range of either built-in Mac utilities or free third-party programs that do not rely on "scareware" tactics. The analysis of the program found that while it was not itself malicious in nature, it was poorly executed even in its advertised functions, and when one added the extortionate fear-based advertising, poor product support, and deliberately-obtuse full removal difficulty, was a poor choice compared to excellent free third-party or Apple-included utility apps.
Instructions on how to fully remove MacKeeper can be found here, or users who have it installed can visit the proof-of-concept URL.
Dedicated MacNNer
Join Date: Apr 2007
For some reason, this story put a smile on my face. Cool.
Fresh-Faced Recruit
Join Date: Oct 2009
These developers should be cuffed and locked up for years.
Forum Regular
Join Date: Aug 2010
A remote exploit that uninstalls the crapware, due to a flaw in the app itself? Genius!! It's too bad they'll probably fix it.
Fresh-Faced Recruit
Join Date: Nov 2006
MacKeeper is itself a security flaw, regardless of this issue.
Professional Poster
Join Date: Jan 2000
Location: Columbus, OH
You don't need any crap like this on a Mac.
Unless you want to live the Windows experience.
Fresh-Faced Recruit
Join Date: May 2015
Steer clear of MacKeeper.
Moderator
Join Date: Aug 2001
Location: Nobletucky
A security risk has a security risk? That's so meta.
Fresh-Faced Recruit
Join Date: Dec 2006
Location: NY
hahahahahahahahahahaha
MacKeeper IS MALWARE!!!!!! So this is just a redundant story!
Professional Poster
Join Date: Oct 2008
Location: UKland
God, I hate this app. I see it on so many customer computers, especially the less computer-savvy ones. I remove it at least 10 times a week.
This space for Hire! Reasonable rates. Reach an audience of literally dozens!
Clinically Insane
Join Date: Mar 2001
Location: yes
Originally Posted by donmontalvo
These developers should be cuffed and locked up for years.
Why the developers? They might not be the business owners.
Posting Junkie
Join Date: Dec 2000
That proof-of-concept app looks like an Objective-C method call, with the class name, selector name, and arguments. So basically, if I'm interpreting this right, they've been taking URLs from the Internet and converting them straight into Objective-C invocations. That's just... wow. That's really bad.
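The input validation the article and the last comment refer to, as an added example (not code from MacKeeper, the researcher, or anyone in this thread): a custom URL handler in which the URL can only pick from a fixed allowlist of actions and is never turned into a class or selector name. The scheme `exampleapp`, the action names and `HandleCustomURL` are hypothetical.

```objc
#import <Foundation/Foundation.h>

// Hypothetical scheme and action names, constructed for this example.
static NSString *const kScheme = @"exampleapp";
typedef BOOL (^URLAction)(NSDictionary<NSString *, NSString *> *params);

// Fixed allowlist. The URL can only select one of these entries by name; no part
// of it is ever fed to NSClassFromString, NSSelectorFromString or NSInvocation.
static NSDictionary<NSString *, URLAction> *AllowedActions(void) {
    return @{
        @"about": ^BOOL(NSDictionary *p) { return p.count == 0; },
        @"show-pane": ^BOOL(NSDictionary *p) {
            NSSet *panes = [NSSet setWithObjects:@"status", @"settings", nil];
            return p.count == 1 && [panes containsObject:(p[@"name"] ?: @"")];
        },
    };
}

// Returns YES only for an allowed action whose parameters pass validation.
static BOOL HandleCustomURL(NSURL *url) {
    NSURLComponents *c = [NSURLComponents componentsWithURL:url
                                    resolvingAgainstBaseURL:NO];
    if (!c || ![c.scheme.lowercaseString isEqualToString:kScheme]) return NO;
    if (c.user || c.password || c.port || c.fragment || c.path.length) return NO;
    URLAction action = AllowedActions()[c.host ?: @""];
    if (!action) return NO;  // unknown action: reject
    NSMutableDictionary *params = [NSMutableDictionary dictionary];
    for (NSURLQueryItem *item in c.queryItems) {
        if (!item.value || params[item.name]) return NO;  // missing value or duplicate key
        params[item.name] = item.value;
    }
    return action(params);
}

int main(void) {
    @autoreleasepool {
        NSArray<NSString *> *samples = @[  // constructed inputs
            @"exampleapp://show-pane?name=status",
            @"exampleapp://show-pane?name=unknown",
            @"exampleapp://SomeClass/someSelector?arg=x",
            @"otherapp://about",
        ];
        for (NSString *s in samples) {
            NSURL *u = [NSURL URLWithString:s];
            NSLog(@"%@ -> %@", s, (u && HandleCustomURL(u)) ? @"accepted" : @"rejected");
        }
    }
    return 0;
}
```

Only the first constructed URL is accepted; the class-and-selector-shaped one is rejected because its host is not an allowlisted action and it carries a path.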