Dylib Hijack Scanner

[hvar]

The "Dylib Hijack Scanner" flags Malwarebytes version 3 as a "vulnerable application", pointing to the use of the Alamofire used. Is this a reason for concern?

It says:

rpath vulnerability: /Library/Application Support/Malwarebytes/MBAM/Engine.bundle/Contents/PlugIns/FrontendAgent.app/Contents/Frameworks/Alamofire.framework/Versions/A/Alamofire

rpath vulnerability: /Library/Application Support/Malwarebytes/MBAM/Engine.bundle/Contents/PlugIns/SettingsDaemon.app/Contents/Frameworks/Alamofire.framework/Versions/A/Alamofire

rpath vulnerability: /Library/Application Support/Malwarebytes/MBAM/Engine.bundle/Contents/PlugIns/RTProtectionDaemon.app/Contents/Frameworks/Alamofire.framework/Versions/A/Alamofire

 

Dylib Hijack Scanner is available here: https://objective-see.com/products.html

[treed]

Thanks for bringing that to our attention. We'll look into that and see what we can do to mitigate this.

Note that there are many apps that are also vulnerable, including some of Apple's own apps, like Aperture, iPhoto, iMove and Xcode. Apple has put some measures in place in recent versions of macOS that significantly reduce the threat posed by these vulnerabilities, though it's still worth closing vulnerabilities wherever possible.

[treed]

I'm glad to report that this is already fixed in an update we're working on for release next month.