Multiple ESET products for macOS vulnerable to improper server certificate verification

Overview Multiple ESET products for macOS are vulnerable to improper server certificate verification CWE-295. KOBAYASHI Yasuyuki reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact A man-in-the-middle attack may...

CVE-2016-9892

The esetsdaemon service in ESET Endpoint Antivirus for macOS before 6.4.168.0 and Endpoint Security for macOS before 6.4.168.0 does not properly verify X.509 certificates from the edf.eset.com SSL server, which allows man-in-the-middle attackers to spoof this server and provide crafted responses ...