Security researchers at Sentinel One they discovered δύο σοβαρές ευπάθειες στα προϊόντα ασφαλείας της Avast και της AVG που υπάρχουν εδώ και 10 χρόνια και θέτουν σε κίνδυνο εκατομμύρια χρήστες. Τα τρωτά σημεία βρίσκονται στον driver anti-rootkit by Avast (which is also used by AVG).
Intruders can use vulnerabilities to capture the entire Windows system.
Avast and AVG applications are among the most widely used programs protections from viruses and the existence of the two security gaps puts many users around the world at risk from cyber attacks.
CVE-2022-26522 and CVE-2022-26523
The Anti Rootkit driver developed by Avast is supposed to protect Windows systems from installing rootkits. When the Avast bought AVG, the same driver was adopted in both protection applications.
Unfortunately, older versions of the driver had the CVE-2022-26522 and CVE-2022-26523 vulnerabilities discovered by Sentinellabs. Both vulnerabilities are labeled with a high degree of severity, as they make users' systems vulnerable to highly effective attack methods. Intruders can gain increased privileges which allows them to run code in kernel mode with normal user rights.
Security vulnerabilities not only allow permissions to increase but also disable security products, replace system components, corrupt the operating system, or run malware unhindered. This can be achieved because the anti-rootkit driver operates at the highest level of operating system privileges.
Avast was warned in December 2021
Security researchers informed Avast of their findings in December 2021. Since then the company has released updates security.
At this time, SentinelLabs has no evidence that exploit is currently in use.
According to Avast, the vulnerable driver was added to Avast 12.1, which was released in January 2012.