A security researcher has discovered a critical problem with MacKeeper, the controversial software for the Mac.
I've already said my piece about MacKeeper — I don't think Mac users need it, and the developer's aggressive marketing tactics leave a bad taste in my mouth. If you need more evidence that you should stay away from it, MacKeeper is now the target of a new zero-day vulnerability security advisory.
For the uninitiated, MacKeeper is an app you'll see plastered on pop-under ads around the Internet, especially in sleazy places like porn sites. The software purports to rid your Mac of junk you don't need, free up space and make it run better. To be frank, nothing that MacKeeper does is anything you can't do yourself for free. But that doesn't stop millions of Mac users from downloading and using the software. Some of them end up in the shop I work at on the weekends, asking for help to get rid of it because their Macs get screwed up.
SecureMac reports that MacKeeper's most recent release (as of this posting), version 3.4, has a flaw that enables remote code execution if a user visits a specially crafted web page. Security researcher Braden Thomas is credited with discovering the flaw.
Mr. Thomas released a proof-of-concept (POC) demonstrating how visiting a specially crafted webpage in Safari causes the affected system to execute arbitrary commands – in this case, to uninstall MacKeeper. This flaw appears to be caused by a lack of input validation by MacKeeper when executing commands using its custom URL scheme.
I have no doubt the developer will patch this exploit, but it's another good reason to stay away from MacKeeper and other software of this ilk. Software that requires "root" permission on your Mac is actively discouraged by Apple. In fact, Apple won't allow such software to be sold at all on the Mac App Store. That's one reason why you have to download MacKeeper yourself from a web site.
Bottom line: stay away from MacKeeper. It's just more trouble than it's worth.
(Nick Arnott contributed to this article.)