Pierluigi Paganini
March 11, 2020
The Antivirus maker Avast has disabled a major component of its antivirus engine to address a severe vulnerability that would have allowed attackers to hack into users’ PCs.
The issue was discovered by the popular white-hat hacker and Google vulnerability researcher Tavis Ormandy, it resides in the Avast’s JavaScript engine, which is an internal component of the popular antivirus.
The Avast’s JavaScript engine is used to analyze JavaScript code to detect malicious code before it is
Ormandy pointed out that the main Avast antivirus process, AvastSvc.exe, which, runs as SYSTEM.
The service loads the low level antivirus engine, and analyzes
“Despite being highly privileged and processing
The vulnerability researcher also released a tool that he used in his tests.
Ormandy explained that this flaw is trivial to exploit, an attacker could trigger it by sending to a user running the flawed antivirus a malicious JS or WSH file via email, or tricking the victims into accessing a specially-crafted that contains
The Avast antivirus would download and run the malicious JavaScript code inside its engine, allowing the execution of arbitrary code on the target computer with SYSTEM-level access.
At the time of writing, the antivirus maker has yet to address the bug with a specific patch, it only mitigated the problem by disabling the antivirus’ JavaScript component.
In a statement Avast sent to ZDNet, the antivirus maker confirmed that the mitigation action it
We have fixed this by disabling the emulator, to ensure our hundreds of millions of users are protected from any attacks. This won’t affect the functionality of our AV product, which is based on multiple security layers.” reads the statement released by the security firm.
| [adrotate banner=”9″] | [adrotate banner=”12″] |
(
[adrotate banner=”5″]
[adrotate banner=”13″]
