Communications of the ACM

Home/News/Decade-Old Bugs Discovered in Avast, AVG Antivirus.../Full Text

ACM TechNews

Decade-Old Bugs Discovered in Avast, AVG Antivirus Software

By ZDNet
May 9, 2022
Comments

View as: Print Mobile App Share:

The researchers say exploitation of the bugs could have had "far-reaching and significant" consequences.

Credit: GetApp: Bug Reporting

Researchers at cybersecurity software company SentinelOne reported two high-severity bugs in Avast and AVG antivirus products that have gone undetected for a decade.

The researchers said the flaws have existed since 2012, and could have affected "dozens of millions of users worldwide."

They found the bugs in the Avast Anti Rootkit driver, and the first vulnerability resided in a socket connection handler used by the kernel driver aswArPot.sys; hackers could hijack a variable during routine operations to escalate privileges, potentially disable security solutions, or meddle with target operating systems.

The researchers described the second bug as "very similar" to the first, and rooted in the aswArPot+0xc4a3 function.

Sentinel Labs on Dec. 20 informed Avast of the vulnerabilities, and the company had patched them by Feb. 11, with no active exploitation in the wild indicated.

From ZDNet
View Full Article

No entries found

Decade-Old Bugs Discovered in Avast, AVG Antivirus Software

Spying on Security Cameras Through Walls

Virtual and the Future of Conferences

Are You Confident in Your Backups?