• Menu
  • Skip to main content
  • Skip to primary sidebar

The Cyber Security News

Latest Cyber Security News

Header Right

  • Latest News
  • Vulnerabilities
  • Cloud Services
researchers disclose 10 year old vulnerabilities in avast and avg antivirus

Researchers Disclose 10-Year-Old Vulnerabilities in Avast and AVG Antivirus

You are here: Home / General Cyber Security News / Researchers Disclose 10-Year-Old Vulnerabilities in Avast and AVG Antivirus
May 5, 2022

Two higher-severity security vulnerabilities, which went undetected for various years, have been uncovered in a authentic driver which is part of Avast and AVG antivirus alternatives.

“These vulnerabilities let attackers to escalate privileges enabling them to disable security solutions, overwrite system elements, corrupt the working method, or accomplish malicious functions unimpeded,” SentinelOne researcher Kasif Dekel said in a report shared with The Hacker Information.

Tracked as CVE-2022-26522 and CVE-2022-26523, the flaws reside in a respectable anti-rootkit kernel driver named aswArPot.sys and are explained to have been introduced in Avast version 12.1, which was launched in June 2016.

✔ Approved Seller From Our Partners
Mullvad VPN Discount

Protect your privacy by Mullvad VPN. Mullvad VPN is one of the famous brands in the security and privacy world. With Mullvad VPN you will not even be asked for your email address. No log policy, no data from you will be saved. Get your license key now from the official distributor of Mullvad with discount: SerialCart® (Limited Offer).

➤ Get Mullvad VPN with 12% Discount


Particularly, the shortcomings are rooted in a socket link handler in the kernel driver that could lead to privilege escalation by managing code in the kernel from a non-administrator person, perhaps triggering the operating technique to crash and display a blue display of loss of life (BSoD) mistake.

Vulnerabilities in Avast and AVG Antivirus

Worryingly, the flaws could also be exploited as section of a 2nd-stage browser attack or to accomplish a sandbox escape, foremost to much-reaching penalties.

Following accountable disclosure on December 20, 2021, Avast dealt with the issues in variation 22.1 of the software program launched on February 8, 2022. “Rootkit driver BSoD was fixed,” the organization stated in its launch notes.

Even though there is no evidence that these flaws had been abused in the wild, the disclosure arrives basically days after Pattern Micro specific an AvosLocker ransomware attack that leveraged a different issue in the identical driver to terminate antivirus remedies on the compromised program.

Observed this posting attention-grabbing? Follow THN on Facebook, Twitter  and LinkedIn to examine more unique content we write-up.


Some areas of this post are sourced from:
thehackernews.com

Previous Post: «heroku forces user password resets following github oauth token theft Heroku Forces User Password Resets Following GitHub OAuth Token Theft
Next Post: The Importance of Defining Secure Code the importance of defining secure code»

Reader Interactions

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Primary Sidebar

Report This Article

Recent Posts

  • WhatsApp Unveils Proxy Support to Tackle Internet Censorship
  • Hackers Using CAPTCHA Bypass Tactics in Freejacking Campaign on GitHub
  • Blind Eagle Hacking Group Targets South America With New Tools
  • US Family Planning Non-Profit MFHS Confirms Ransomware Attack
  • Microsoft Reveals Tactics Used by 4 Ransomware Families Targeting macOS
  • Dridex Malware Now Attacking macOS Systems with Novel Infection Method
  • Cyber attacks on UK organisations surged 77% in 2022, new research finds
  • WhatsApp to combat internet blackouts with proxy server support
  • The IT Pro Podcast: Going passwordless
  • Podcast transcript: Going passwordless

Copyright © TheCyberSecurity.News, All Rights Reserved.