Two higher-severity security vulnerabilities, which went undetected for various years, have been uncovered in a authentic driver which is part of Avast and AVG antivirus alternatives.
“These vulnerabilities let attackers to escalate privileges enabling them to disable security solutions, overwrite system elements, corrupt the working method, or accomplish malicious functions unimpeded,” SentinelOne researcher Kasif Dekel said in a report shared with The Hacker Information.
Tracked as CVE-2022-26522 and CVE-2022-26523, the flaws reside in a respectable anti-rootkit kernel driver named aswArPot.sys and are explained to have been introduced in Avast version 12.1, which was launched in June 2016.
Particularly, the shortcomings are rooted in a socket link handler in the kernel driver that could lead to privilege escalation by managing code in the kernel from a non-administrator person, perhaps triggering the operating technique to crash and display a blue display of loss of life (BSoD) mistake.
Worryingly, the flaws could also be exploited as section of a 2nd-stage browser attack or to accomplish a sandbox escape, foremost to much-reaching penalties.
Following accountable disclosure on December 20, 2021, Avast dealt with the issues in variation 22.1 of the software program launched on February 8, 2022. “Rootkit driver BSoD was fixed,” the organization stated in its launch notes.
Even though there is no evidence that these flaws had been abused in the wild, the disclosure arrives basically days after Pattern Micro specific an AvosLocker ransomware attack that leveraged a different issue in the identical driver to terminate antivirus remedies on the compromised program.
Observed this posting attention-grabbing? Follow THN on Facebook, Twitter and LinkedIn to examine more unique content we write-up.
Some areas of this post are sourced from: