HackDig : Dig high-quality web security articles

Zero-Day Exploit Found in Avast Antivirus

2015-10-07 10:10

One of Google's security experts found a zero-day exploit inside the Avast antivirus, which the company has recently patched.

The researcher is Tavis Ormandy, one of Google's Project Zero engineers, the same man that discovered a similar zero-day exploit in Kaspersky's antivirus exactly a month ago.

According to Ormandy's research, the bug manifested itself when users would access Web pages protected through HTTPS connections.

Avast was performing a "legal" MitM for SSL connections

Because the Avast antivirus would tap into encrypted traffic so it could scan for threats but was using a faulty method for parsing X.509 certificates, this would have allowed attackers (if aware of the issue) to execute code on the users' computer.

The only condition was that users would access a malicious HTTPS website, which is not such a far-fetched scenario.

Ormandy released a proof-of-concept on Project Zero's Google Group after the antivirus company issued a fix.

Kaspersky, FireEye, and now Avast

This is the third antivirus solution that we've seen with a zero-day vulnerability in the past 30 days.

We previously reported on Kaspersky, which included a zero-day bug that allowed an attacker to easily infiltrate the victim's computer, and gain system-level privileges, allowing him to carry on any kind of attacks without restrictions.

This was followed by FireEye's antivirus engine, which had a zero-day that provided unauthorized remote root file system access, flaw found in a PHP script which runs on a Web-facing Apache server.

None was exploited in the wild, and neither does the Avast bug seem to have been.

Off-topic: If you're looking for advice on what security product to use, in the discussion that followed on Twitter after Avast announcement, Ormandy surprisingly recommended Windows Defender as a good solution to use.

We have contacted Avast for comments.

Avast was vulnerable to remote code execution via HTTPS connections
Avast was vulnerable to remote code execution via HTTPS connections


Source: 3chZXYt4WatQmb19mZtQXavxGc4VWL5FGZt8mclp3LzdXZu9SbvNmLhlGZlBHdm92cuM3dl52LvoDc0RHa/ca.ssr.dps

Read:8790 | Comments:0 | Tags:Security Virus exploit

“Zero-Day Exploit Found in Avast Antivirus”0 Comments

Submit A Comment

Name:

Email:

Blog :

Verification Code:

Announce

Share high-quality web security related articles with you:)
Tell me why you support me <3