Sign In

Communications of the ACM

ACM TechNews

Decade-Old Bugs Discovered in Avast, AVG Antivirus Software

View as: Print Mobile App Share:

The researchers say exploitation of the bugs could have had "far-reaching and significant" consequences.

Credit: GetApp: Bug Reporting

Researchers at cybersecurity software company SentinelOne reported two high-severity bugs in Avast and AVG antivirus products that have gone undetected for a decade.

The researchers said the flaws have existed since 2012, and could have affected "dozens of millions of users worldwide."

They found the bugs in the Avast Anti Rootkit driver, and the first vulnerability resided in a socket connection handler used by the kernel driver aswArPot.sys; hackers could hijack a variable during routine operations to escalate privileges, potentially disable security solutions, or meddle with target operating systems.

The researchers described the second bug as "very similar" to the first, and rooted in the aswArPot+0xc4a3 function.

Sentinel Labs on Dec. 20 informed Avast of the vulnerabilities, and the company had patched them by Feb. 11, with no active exploitation in the wild indicated.

From ZDNet
View Full Article


Abstracts Copyright © 2022 SmithBucklin, Washington, DC, USA


No entries found

Sign In for Full Access
» Forgot Password? » Create an ACM Web Account