Jump to content
  • Researchers Disclose Years-Old Vulnerabilities in Avast and AVG Antivirus

    aum

    • 479 views
    • 2 minutes
     Share


    • 479 views
    • 2 minutes

    Two high-severity security vulnerabilities, which went undetected for several years, have been discovered in a legitimate driver that's part of Avast and AVG antivirus solutions.

     

    "These vulnerabilities allow attackers to escalate privileges enabling them to disable security products, overwrite system components, corrupt the operating system, or perform malicious operations unimpeded," SentinelOne researcher Kasif Dekel said in a report shared with The Hacker News.

     

    Tracked as CVE-2022-26522 and CVE-2022-26523, the flaws reside in a legitimate anti-rootkit kernel driver named aswArPot.sys and are said to have been introduced in Avast version 12.1, which was released in June 2016.

     

    Specifically, the shortcomings are rooted in a socket connection handler in the kernel driver that could lead to privilege escalation by running code in the kernel from a non-administrator user, potentially causing the operating system to crash and display a blue screen of death (BSoD) error.

     

    Worryingly, the flaws could also be exploited as part of a second-stage browser attack or to perform a sandbox escape, leading to far-reaching consequences.

     

    Following responsible disclosure on December 20, 2021, Avast addressed the issues in version 22.1 of the software released on February 8, 2022. "Rootkit driver BSoD was fixed," the company said in its release notes.

     

    While there is no evidence that these flaws were abused in the wild, the disclosure comes merely days after Trend Micro detailed an AvosLocker ransomware attack that leveraged another issue in the same driver to terminate antivirus solutions on the compromised system.

     

    Update: SentinelOne notes that the bug dates back to version 12.1, which it claims was released in January 2012. However, Avast's own release notes show that version 12.1 was shipped in June 2016. We have reached out to SentinelOne for further comment, and we'll update the story once we hear back.

     

    Source

    • Like 2

    User Feedback

    Recommended Comments

    There are no comments to display.



    Join the conversation

    You can post now and register later. If you have an account, sign in now to post with your account.
    Note: Your post will require moderator approval before it will be visible.

    Guest
    Add a comment...

    ×   Pasted as rich text.   Paste as plain text instead

      Only 75 emoji are allowed.

    ×   Your link has been automatically embedded.   Display as a link instead

    ×   Your previous content has been restored.   Clear editor

    ×   You cannot paste images directly. Upload or insert images from URL.


  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...