
Zero-Day Exploit Found in Avast Antivirus


Batu69


Avast was vulnerable to malicious HTTPS connections


Avast was vulnerable to remote code execution via HTTPS connections

One of Google's security experts found a zero-day exploit inside the Avast antivirus, which the company has recently patched.

The researcher is Tavis Ormandy, one of Google's Project Zero engineers, the same man that discovered a similar zero-day exploit in Kaspersky's antivirus exactly a month ago.

According to Ormandy's research, the bug manifested itself when users would access Web pages protected through HTTPS connections.

Avast was performing a "legal" MitM for SSL connections

Because the Avast antivirus would tap into encrypted traffic so it could scan for threats but was using a faulty method for parsing X.509 certificates, this would have allowed attackers (if aware of the issue) to execute code on the user's computer.

The only condition was that users would access a malicious HTTPS website, which is not such a far-fetched scenario.

Ormandy released a proof-of-concept on Project Zero's Google Group after the antivirus company issued a fix.

Kaspersky, FireEye, and now Avast

This is the third antivirus solution that we've seen with a zero-day vulnerability in the past 30 days.

We previously reported on Kaspersky, which included a zero-day bug that allowed an attacker to easily infiltrate the victim's computer and gain system-level privileges, allowing him to carry out any kind of attack without restrictions.

This was followed by FireEye's antivirus engine, which had a zero-day that provided unauthorized remote root file system access, a flaw found in a PHP script which runs on a Web-facing Apache server.

None was exploited in the wild, and neither does the Avast bug seem to have been.

Off-topic: If you're looking for advice on what security product to use, in the discussion that followed on Twitter after Avast's announcement, Ormandy surprisingly recommended Windows Defender as a good solution to use.

We have contacted Avast for comments.

Srsly Avast? If you're gonna mitm chrome's SSL at least get an intern to skim your X.509 parsing before shipping it. pic.twitter.com/1zA1E0qnuo — Tavis Ormandy (@taviso) September 25, 2015

Avast rolled out an update for the ssl interception bug I reported last week, fixed in under 7 days. More to come. https://t.co/lXajHKVJNf — Tavis Ormandy (@taviso) October 1, 2015

@InsanityBit MSE/Windows Defender isn't a *complete* mess, and it's free, and has a reasonably competent security team... — Tavis Ormandy (@taviso) September 25, 2015

Source

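Added example, not from the article or from Ormandy's report: the article does not describe the parsing flaw itself, so this C code shows only the general kind of bounds checking a TLS-inspecting product needs when it decodes the DER structure of a certificate sent by an untrusted server. The names der_tlv, der_read_tlv and der_count_children and the sample bytes are made up for illustration.

```c
#include <stddef.h>
#include <stdint.h>

/* One decoded DER element: tag byte plus a bounded view of its contents. */
typedef struct { uint8_t tag; const uint8_t *value; size_t len; } der_tlv;

/* Constructed samples (not real certificate data): a well-formed SEQUENCE,
 * and an OCTET STRING whose length field claims 0xFFFF bytes but carries 1. */
static const uint8_t SAMPLE_OK[]  = {0x30, 0x06, 0x02, 0x01, 0x05, 0x04, 0x01, 0xAA};
static const uint8_t SAMPLE_BAD[] = {0x04, 0x82, 0xFF, 0xFF, 0x41};

/* Read one TLV from buf[0..buflen). Returns bytes consumed, or 0 on any
 * malformed or out-of-bounds encoding; never reads past buf + buflen. */
size_t der_read_tlv(const uint8_t *buf, size_t buflen, der_tlv *out)
{
    if (buf == NULL || out == NULL || buflen < 2)
        return 0;
    if ((buf[0] & 0x1f) == 0x1f)      /* multi-byte tag numbers: unsupported here */
        return 0;
    size_t hdr = 2, len = buf[1];
    if (len & 0x80) {                 /* long form: low 7 bits count the length bytes */
        size_t n = len & 0x7f;
        if (n == 0 || n > sizeof(size_t) || n > buflen - 2)
            return 0;                 /* indefinite, would overflow size_t, or truncated */
        len = 0;
        for (size_t i = 0; i < n; i++)
            len = (len << 8) | buf[2 + i];
        if (buf[2] == 0 || len < 0x80)
            return 0;                 /* non-minimal length: not valid DER */
        hdr += n;
    }
    if (len > buflen - hdr)           /* subtract, never add: no integer wraparound */
        return 0;
    out->tag = buf[0]; out->value = buf + hdr; out->len = len;
    return hdr + len;
}

/* Count direct children of a constructed element; -1 if any child is malformed. */
int der_count_children(const der_tlv *parent)
{
    const uint8_t *p = parent->value;
    size_t left = parent->len;
    int count = 0;
    der_tlv child;
    while (left > 0) {
        size_t used = der_read_tlv(p, left, &child);
        if (used == 0) return -1;
        p += used; left -= used; count++;
    }
    return count;
}
```

Every child is parsed against the parent's remaining length rather than the whole buffer, so a nested element cannot claim bytes that belong to its siblings or lie beyond the certificate.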


Avast was performing a "legal" MitM for SSL connections

If I allow anyone to snoop inside my TLS connections, I deserve to be hacked.
