For The Register, Richard Chirgwin reports on a remote code execution vulnerability in MacKeeper: "Pop-up pest MacKeeper patches 0-day remote code execution vuln". The vulnerability is discussed at greater length in a SecureMac advisory.
The MacKeeper article advises that users run MacKeeper Update Tracker so as to get a patched version.
Chirgwin suggests that Mac users annoyed by MacKeeper’s reputation for persistent and aggressive pop-up marketing will take some pleasure in the company’s embarrassment. However, I wonder how many of the product’s many users will get to hear about the Proof of Concept attack (which MacKeeper’s article doesn’t actually mention) and take appropriate measures.
Small Blue-Green World