
Sophos Anti-Virus for Mac: On Premise MacOS installer folder security warning

Hi Everyone,

In July 2017, security researcher Patrick Wardle presented a vulnerability at DEF CON about how to perform a privilege escalation attack on macOS by using third-party installers such as Sophos.

Sophos published an article at the time about how to check the validity of our installer manually. 

In the latest version of On Premise software, we have implemented security changes to start mitigating this vulnerability. Part of this is to ensure the permissions of several paths are the correct OS default, to prevent this exploit. Unlike Sophos Central, Enterprise Console managed endpoints will check for these risks and notify the user if they are detected, rather than blocking the install.

This is a call to action for Administrators to correct the security issue in the coming months, as we will make this a mandatory security requirement in the next release, which will stop updating if a client is not corrected.

It has come to our attention that DeployStudio, a system imaging tool, sets permissions incorrectly on the OS, which can cause it to fail this check. DeployStudio is working on a version that corrects the issue in the initial deployment, and a script which can be used during deployment now to prevent this issue. Please refer to the following KBA for more details.

Sophos Anti-Virus for Mac: On Premise MacOS installer folder security warning


