Avast: badly removed the JavaScript interpreter

Avast deactivated an element in its suite that, ironically, posed a significant security risk.

The software developer disabled the JavaScript interpreter in its toolbox when Tavis Ormandy of Google Project Zero and his associates alerted the company to "pick up" imperfections in the code.

Avast

According to Avast, Ormandy discovered a vulnerability that allowed remote code execution in the software, the details of which had not been made public.

Five days later, Google released a shell that could provide more information about Avast's JavaScript vulnerability to those interested in evaluating the suite from viruses.

It also revealed that if attackers were able to exploit any holes in Avast's JS in of the victim, they could run malicious applications on that computer with system-admin privileges.

It should be noted that Ormandy did not reveal specific errors.

A few days after the launch of the analysis tool, the company chose to catentirely within the JavaScript emulator. According to the company, its removal will not significantly affect the suite's ability to detect malware . The company's quick action was applauded by Ormandy.

A praise from the security community for Avast has been something very difficult lately. After the data sale scandal, the company found itself in the spotlight again when it was revealed that the AntiTrack tool contained errors which could allow man-in-the-middle attacks to monitor supposedly secure connections.

iGuRu.gr The Best Technology Site in Greecefgns

every publication, directly to your inbox

Join the 2.100 registrants.

Written by giorgos

George still wonders what he's doing here ...

Leave a reply

Your email address is not published. Required fields are mentioned with *

Your message will not be published if:
1. Contains insulting, defamatory, racist, offensive or inappropriate comments.
2. Causes harm to minors.
3. It interferes with the privacy and individual and social rights of other users.
4. Advertises products or services or websites.
5. Contains personal information (address, phone, etc.).