Some of these vulnerabilities can be chained together to allow remote code execution as root.
The vulnerabilities described here are present from at least v1.9.2 (released 2/19/2015) through version 2.0.2 (released 4/22/16).
McAfee centralizes everything in the ePO server by running an ePO agent on each client. That agent connects to the server to fetch policies and to report status, infections, updates and so on.
So I dissected (Ctrl+C plus Pacifist did most of the magic) the crappy installer and found out that:
For managing software in our clients I use Munki, so once we know all this the task is simple.
The task of administering the antivirus for all these workstations is done by our McAfee administrator using the ‘ePolicy Orchestrator’ console, also called ePO among friends.
When I noticed all these, I decided to take a look. Before getting into the details of the vulnerabilities in this product, it helps to have a quick understanding of the system architecture.
According to Apple’s security documents, the passcode entered by the user is combined with a device identifier to create a key used to encrypt and decrypt user data. A built-in time delay prevents an unauthorized user from trying too many passcodes too quickly, and too many bad passcode attempts will cause the phone to erase itself.
You can build a custom pkg to drop the keys into the keydata folder and check whether the keys were installed or not based on the receipt (Munki’s default).