Users can fix the problem simply by updating to the latest version. “This is a serious flaw and an important software update that Little Snitch users could have easily missed,” Wardle told Threatpost. The following month, Little Snitch’s developer Objective Development released the (3.6.2) version of the firewall that fixed the problem.
In January, Wardle discovered that the firewall software contained a local escalation of privileges (EoP) vulnerability that any local user (or malware) could exploit. Wardle did not test versions of Little Snitch released prior to 3.x. Affected are 3.x versions of the Little Snitch firewall software released prior to build 3.6.2 running on El Capitan. The Little Snitch firewall vulnerability was found by Synack Director of Research and well-known OS X hacker Patrick Wardle. Trusted Mac OS X firewall Little Snitch is vulnerable to local privilege escalation attacks that could give criminals the ability plant rootkits and keyloggers on some El Capitan systems.
0 kommentar(er)
