Experts Found Long-Standing Bugs in Avast and AVG Antiviruses

SentinelOne specialists found bugs in the Avast and AVG antiviruses, located in their common anti-rootkit protection driver (aswArPot.sys). The vulnerabilities were introduced with the release of Avast 12.1 back in 2012 and went unnoticed all this time.

Let me remind you that we also reported that Chinese hackers use McAfee antivirus to spread malware, and that ESET fixed a serious vulnerability in its products for Windows.

The bugs were discovered in December 2021 and received the identifiers CVE-2022-26522 and CVE-2022-26523. Since Avast acquired AVG in 2016, the problems in both products trace back to the shared anti-rootkit protection driver. The vulnerabilities have already been fixed: they were addressed back in February 2022 with the release of version 22.1.

SentinelOne said the vulnerabilities were assessed as “severe” because they allowed an attacker with limited privileges on the system to execute code in kernel mode and eventually take full control of the device.

“These vulnerabilities can be launched from sandboxes and used in a context other than simple local privilege escalation. For example, vulnerabilities can be used in the second stage of a browser attack or to escape from a sandbox. Among the obvious abuses of such problems is bypassing security solutions. These vulnerabilities allow attackers to escalate privileges, disable security products, overwrite system components, corrupt the operating system, or perform malicious operations unhindered,” the researchers write.

Experts have no evidence that hackers abused these vulnerabilities, but it is noteworthy that information about the bugs was published just a few days after Trend Micro detailed the AvosLocker malware, which in its attacks used a different problem in the same driver to disable anti-virus products.

“Similar to previously documented malware and ransomware groups, AvosLocker takes advantage of the different vulnerabilities that have yet to be patched to get into organizations’ networks. Once inside, the continuing trend of abusing legitimate tools and functions to mask malicious activities and actors’ presence grows in sophistication. In this case, the attackers were able to study and use Avast’s driver as part of their arsenal to disable other vendors’ security products,” Trend Micro experts said in their study.
About The Author
Vladimir Krasnogolovy