Researchers have discovered a kernel-based vulnerability in a driver bundled with IBM Trusteer Rapport for MacOS, according to a recently published advisory from Trustwave. If exploited, the vulnerability could elevate privileges on the local machine, allowing an attacker to subvert or disable Trusteer altogether.
According to Trustwave, its researchers worked with IBM throughout the disclosure process. When IBM was unable to provide a patch during the 90-day disclosure policy, Trustwave reportedly extended it an additional 30 days.
“Unfortunately, that was also not enough time to develop a patch, and we feel it's important to alert the public about this issue,” Trustwave’s Neil Kettle wrote in a blog post.
The Trustwave SpiderLabs Security Advisory TWSL2018-012 stated: “IBM Trusteer Rapport is an advanced endpoint protection solution designed to protect users from financial malware and phishing attacks. Using industry-leading technology, Trusteer Rapport is designed to defend against MitBattacks, remove malware from endpoint devices and protect customers by preventing them from entering phishing sites. Trusteer Rapport offers a broad security solution that can help your organization reduce costs, enhance your fraud detection and prevention, and help to provide a seamless customer experience.”
The vulnerability, which is caused by a signedness bug issue, was initially reported to the vendor on August 15, 2018. The 90-day deadline was extended on November 14, but on December 17, IBM confirmed that no patch was available, at which point Trustwave published the vulnerability advisory.
In lieu of a patch, Kettle wrote that “the risk of this vulnerability is slightly mitigated by requiring local access, so those affected are recommended to verify that only authorized users can log in to those systems," the risk of the vulnerability being exploited can be slightly mitigated.
In addition, he wrote, “security awareness training can also help prevent local malware or social engineering attacks. Finally, you may want to step up auditing of any affected systems for signs of infection.”