However this does not preclude a workable exploit being possible if an attacker were able to bypass KASLR on the versions of OSX/macOS supported by SecureAnywhere.Īny exploit would result in local kernel mode code execution. Of course the exploitability of the issue is somewhat limited in that the original value of the memory address dereferenced must be (int) -1. _text:0000000000002BEC 008 cmp dword ptr, 0FFFFFFFFh arbitrary dereference As such, the issue arms an attacker with a write-what-where kernel gadget with the caveat that the original value of the memory referenced by the pointer must be equal to (int) -1. The issues root cause is an arbitrary user-supplied pointer being read from and potentially written too. Trustwave recently discovered a locally exploitable issue in the macOS version of the Webroot SecureAnywhere solution.