One of Google's security technicians has discovered a zero-day exploit in the code of Avast antivirus.
The researcher is Tavis Ormandy, one of Google's Project Zero security technicians, the same person who discovered a similar zero-day exploit in Kaspersky's antivirus just a month ago.
According to Ormandy's research, the bug manifests when users access websites that are protected by HTTPS connections.
Avast's antivirus products make use of the encrypted traffic in order to detect possible threats, but according to the researcher they reportedly use a flawed method for the analysis of X.509 certificates. This allows attackers (if they know about it) to execute malicious code on the user's computer.
The only condition for the malicious code to run is that the user accesses a malicious website using HTTPS, which is not such a far-fetched scenario.
Ormandy also released a proof of concept (PoC) for the vulnerability on a Google page.
This is the third antivirus found to contain a zero-day vulnerability in the last 30 days.
We have previously reported on Kaspersky, whose antivirus included a zero-day bug that allowed an attacker to easily penetrate the victim's computer and gain system privileges, allowing him to carry out all sorts of unrestrained attacks.
Next was FireEye's antivirus, which contained a zero-day that gave unauthorized remote root access to the file system.
Meanwhile, Avast has reported that it has released an update that fixes the problem, and no action is required from the end user.