The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of SecureAnywhere

computer vulnerability bulletin CVE-2018-16962

Webroot SecureAnywhere: privilege escalation via macOS

Synthesis of the vulnerability

An attacker can bypass restrictions on macOS of Webroot SecureAnywhere, in order to escalate his privileges.
Impacted products: SecureAnywhere.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights.
Provenance: user shell.
Creation date: 13/09/2018.
Identifiers: CVE-2018-16962, VIGILANCE-VUL-27228.

Description of the vulnerability

An attacker can bypass restrictions on macOS of Webroot SecureAnywhere, in order to escalate his privileges.
Full Vigil@nce bulletin... (Free trial)

vulnerability alert 17821

Webroot SecureAnywhere Mobile Protection: Man-in-the-Middle

Synthesis of the vulnerability

An attacker can act as a Man-in-the-Middle on Webroot SecureAnywhere Mobile Protection, in order to read or write data in the session.
Impacted products: SecureAnywhere.
Severity: 2/4.
Consequences: data reading, data creation/edition.
Provenance: internet server.
Creation date: 07/09/2015.
Identifiers: VIGILANCE-VUL-17821.

Description of the vulnerability

The Webroot SecureAnywhere Mobile Protection product uses the TLS protocol, in order to create secure sessions.

However, the X.509 certificate and the service identity are not correctly checked.

An attacker can therefore act as a Man-in-the-Middle on Webroot SecureAnywhere Mobile Protection, in order to read or write data in the session.
Full Vigil@nce bulletin... (Free trial)
Our database contains other pages. You can request a free trial to read them.

Display information about SecureAnywhere: