Jump to content

Recommended Posts

Posted

One of Google's security experts found a zero-day exploit inside the Avast antivirus, which the company has recently patched.

 

The researcher is Tavis Ormandy, one of Google's Project Zero engineers, the same man that discovered a similar zero-day exploit in Kaspersky's antivirus exactly a month ago.

 

According to Ormandy's research, the bug manifested itself when users would access Web pages protected through HTTPS connections.

 

Avast was performing a "legal" MitM for SSL connections

 

Because the Avast antivirus would tap into encrypted traffic so it could scan for threats but was using a faulty method for parsing X.509 certificates, this would have allowed attackers (if aware of the issue) to execute code on the users' computer.

 

The only condition was that users would access a malicious HTTPS website, which is not such a far-fetched scenario.

 

Ormandy released a proof-of-concept on Project Zero's Google Group after the antivirus company issued a fix.

 

Kaspersky, FireEye, and now Avast

 

This is the third antivirus solution that we've seen with a zero-day vulnerability in the past 30 days.

 

We previously reported on Kaspersky, which included a zero-day bug that allowed an attacker to easily infiltrate the victim's computer, and gain system-level privileges, allowing him to carry on any kind of attacks without restrictions.

 

This was followed by FireEye's antivirus engine, which had a zero-day that provided unauthorized remote root file system access, flaw found in a PHP script which runs on a Web-facing Apache server.

 

None was exploited in the wild, and neither does the Avast bug seem to have been.

 

UPDATE: Avast says: "We have released a fix via virus definition updates last week. There is no action required by the user."

 

 

Source:

http://news.softpedia.com/news/zero-day-exploit-found-in-avast-antivirus-493958.shtml

Member of:

UNITE

  • Replies 0
  • Created
  • Last Reply

Top Posters In This Topic

Popular Days

Top Posters In This Topic

Popular Days

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.


×
×
  • Create New...