IBM Kernel-Based Vulnerability Discovered

Researchers have discovered a kernel-based vulnerability in a driver bundled with IBM Trusteer Rapport for MacOS, according to a recently published advisory from Trustwave. If exploited, the vulnerability could elevate privileges on the local machine, allowing an attacker to subvert or disable Trusteer altogether. According to Trustwave, its researchers worked with IBM throughout the disclosure process. When IBM was unable to provide a patch during the 90-day disclosure policy, Trustwave reportedly extended it an additional 30 days. “Unfortunately, that was also not enough time to develop a patch, and we feel it's important to alert the public about this issue,” Trustwave’s Neil Kettle wrote in a blog post.