• 16 Apr 2020

    Advisory: CVE-2020-10947 - Sophos Anti-Virus for macOS privilege escalation

    Overview: A privilege escalation vulnerability was discovered and responsibly disclosed on 17 August 2019 by Lasse Trolle Borup of Danish Cyber Defence that impacted specific versions of Sophos Anti-Virus for macOS. All supported versions were fixed by 5 December 2019. The only action required for customers is to verify they are running the fixed version. Description of Vulnerability: An unprivileged, authenticated...
    • 12 Mar 2020

    Sophos Comments to CVE-2020-9363

    Overview: There are many possible ways to create a corrupted archive file that remains readable to some unpacking tools while not being readable by other tools, including endpoint protection products in general. These endpoint protection products will only be able to detect malware hidden inside corrupted archives when the contents of the archive are unpacked by the third-party tool, using on-access scanning technology...
    • 28 Jan 2020

    Surveillance Apps

    Surveillance apps, also known as Stalkerware, possess powerful surveillance functions and thus can be used to spy on users and their online activity. The Surveillance App category covers a range of aggressive monitoring software and commercial spyware designed to spy on users. Even though Surveillance Apps can be marketed as parental monitoring software, their ability to work in stealth mode, sometimes disguised...
    • 16 Oct 2019

    Advisory: CVE-2019-17059: Cyberoam Firewall Remote Code Execution Vulnerability

    Overview: A critical shell injection vulnerability in Sophos Cyberoam Firewall appliances running CyberoamOS (CROS) version 10.6.6 MR-5 and earlier was recently discovered and responsibly disclosed to Sophos by an external security researcher. The vulnerability can potentially be exploited by sending a malicious request to either the Web Admin or SSL VPN consoles, which would enable an unauthenticated remote attacker...
    • 16 Oct 2019

    Exim CVE-2019-15846 and Sophos Products

    Overview: CVE-2019-15846 outlines a vulnerability in Exim whereby a specially crafted SNI ending can be used to run arbitrary code on the vulnerable server. This vulnerability is not exploitable on any Sophos products; see the table below for more information.
    Sophos Email Products and CVE-2019-15846
    Product | Vulnerable | Further information
    Sophos XG Firewall | No | The TLS headers that are used...