enSilo: Some of the biggest names in security software are affected by a serious flaw that lets an attacker use the commercial security product's own code to penetrate computers.
In March, researchers at the Israeli security company enSilo discovered a serious flaw in the free security application AVG Internet Security 2015. They found that the software allocated memory with read, write and execute (RWX) permissions at a predictable address, which an attacker could use to get malicious code onto a target system.
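A minimal audit for this class of flaw, as an added example (not enSilo's AVulnerabilityChecker and not code from this article): it flags committed read-write-execute regions that sit at the same base address in several processes. It assumes the region records (base, size, state, protect) were already collected, for instance with the Windows `VirtualQueryEx` API; the function names, process names and addresses are constructed for illustration.

```python
from collections import defaultdict

# Windows memory constants from winnt.h
MEM_COMMIT = 0x1000
MEM_RESERVE = 0x2000
PAGE_EXECUTE_READ = 0x20
PAGE_EXECUTE_READWRITE = 0x40
PAGE_EXECUTE_WRITECOPY = 0x80
PAGE_GUARD = 0x100  # modifier bit, not an access protection
WRITABLE_EXEC = PAGE_EXECUTE_READWRITE | PAGE_EXECUTE_WRITECOPY

def rwx_regions(regions):
    """Yield (base, size) for committed regions that are writable and executable."""
    for base, size, state, protect in regions:
        # The low byte is the access protection; higher bits are modifiers.
        if state == MEM_COMMIT and (protect & 0xFF) & WRITABLE_EXEC:
            yield base, size

def predictable_rwx(snapshots, min_procs=2):
    """Map each RWX base address seen in >= min_procs processes to those processes.

    snapshots: {process_name: [(base, size, state, protect), ...]}
    An RWX region at one address in a single process (a JIT heap, say) is not
    reported; the same address recurring across processes is the predictable case.
    """
    seen = defaultdict(set)
    for proc, regions in snapshots.items():
        for base, _size in rwx_regions(regions):
            seen[base].add(proc)
    return {b: sorted(p) for b, p in seen.items() if len(p) >= min_procs}

# Constructed sample data (assumption): three processes with one injected module.
SAMPLE = {
    "browser.exe": [
        (0x00400000, 0x1000, MEM_COMMIT, PAGE_EXECUTE_READ),
        (0x5A000000, 0x2000, MEM_COMMIT, PAGE_EXECUTE_READWRITE),
        (0x1F3A0000, 0x10000, MEM_COMMIT, PAGE_EXECUTE_READWRITE),  # JIT heap
    ],
    "reader.exe": [
        (0x00400000, 0x1000, MEM_COMMIT, PAGE_EXECUTE_READ),
        (0x5A000000, 0x2000, MEM_COMMIT, PAGE_EXECUTE_READWRITE | PAGE_GUARD),
    ],
    "notepad.exe": [
        (0x5A000000, 0x2000, MEM_COMMIT, PAGE_EXECUTE_READWRITE),
        (0x7B000000, 0x4000, MEM_RESERVE, 0),
    ],
}

if __name__ == "__main__":
    for base, procs in predictable_rwx(SAMPLE).items():
        print(f"RWX at fixed address {base:#010x} in: {', '.join(procs)}")
```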
enSilo contacted AVG and the bug was fixed within days. However, the company continued its investigation into other security suites and found that McAfee VirusScan Enterprise version 8.8 and Kaspersky Total Security 2015 were also vulnerable.
"We will continue to update this list when we have more information," said Tomer Bitton, enSilo VP, in a publication.
“This error is a recurring Anti-Virus coding issue. We believe that this vulnerability is also likely to appear in other popular products that are not related to security.”
Because the problem may be widespread, enSilo has created a free audit tool called AVulnerabilityChecker. The tool is available on GitHub for anyone who wants to use it.
https://github.com/BreakingMalware/AVulnerabilityChecker
McAfee, which is owned by Intel, and Kaspersky have already fixed the vulnerability in their products.
So every user of these products should download and install all the latest updates.