10-Year-Old Flaws in Avast and AVG Antivirus Let Attackers Escalate Privileges
SentinelOne’s Kasif Dekel has discovered and publicly disclosed two new high-severity security vulnerabilities in Avast and AVG antivirus products.
The two vulnerabilities are tracked as CVE-2022-26522 and CVE-2022-26523 and affect a legitimate driver that is used by both Avast and AVG AV solutions.
Here’s what Kasif Dekel said:
“These vulnerabilities allow attackers to escalate privileges enabling them to disable security products, overwrite system components, corrupt the operating system, or perform malicious operations unimpeded.”
The bugs have been reported in the anti-rootkit kernel driver named aswArPot.sys, a legitimate version of “Avast Anti-Rootkit” from AVAST Software. As of June 12, 2012, Avast 12.1, which is effectively the most recent version of the driver, has been released.
A malicious attacker could take advantage of these vulnerabilities to escalate privileges and potentially disable antivirus capabilities.
The security flaw relates to a socket connection handler in the kernel driver, which could give non-administrator users privilege escalation. As a result, the issue can lead to a blue screen of death error and crash the operating system.
Flaws
It appears that the vulnerability (CVE-2022-26522) resides in a routine in a socket connection handler that is used by the kernel driver aswArPot.sys. By initiating a socket connection, it is possible to trigger the issue.
The second vulnerability is tracked as CVE-2022-26523 and lies in the aswArPot+0xbb94 function, just like the first one.
There is a chance that the flaws can lead to a second-stage browser attack that enables a sandbox escape.
Mitigation
Millions of users around the world are affected by these highly severe vulnerabilities. Users of Avast and AVG will automatically receive the new patch (version 22.1) in the coming weeks.
Users of on-premise or air-gapped installations, however, should apply the patch as soon as possible.
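For installations that do not update automatically, a host can be checked for a pre-22.1 copy of the driver. The script below is an added example, not code from the article or from Avast; it assumes the driver sits in the standard Windows drivers directory and that its file version tracks the product version.

```powershell
# Added example, not from the article. Assumptions: the driver is installed in
# the standard Windows drivers directory, and its file version tracks the
# product version, so "22.1" (the patched release named above) is the floor.
$FixedVersion = [version]'22.1'
$DriverPath   = Join-Path $env:SystemRoot 'System32\drivers\aswArPot.sys'

function Get-DriverPatchState {
    param(
        [Parameter(Mandatory)] [string]  $Path,
        [Parameter(Mandatory)] [version] $Fixed
    )
    if (-not (Test-Path -LiteralPath $Path)) {
        return [pscustomobject]@{
            ComputerName = $env:COMPUTERNAME; Path = $Path; State = 'NotInstalled'
        }
    }
    $vi = (Get-Item -LiteralPath $Path).VersionInfo
    # Use the numeric parts; the FileVersion string can carry extra text.
    $found = [version]::new($vi.FileMajorPart, $vi.FileMinorPart,
                            $vi.FileBuildPart, $vi.FilePrivatePart)
    $sig = Get-AuthenticodeSignature -LiteralPath $Path
    [pscustomobject]@{
        ComputerName = $env:COMPUTERNAME
        Path         = $Path
        FileVersion  = $found
        Signature    = $sig.Status    # 'Valid' is expected for a vendor-shipped driver
        Signer       = $sig.SignerCertificate.Subject
        # [version] compares component by component: 21.9.x < 22.1 <= 22.1.x
        State        = if ($found -ge $Fixed) { 'Patched' } else { 'Vulnerable' }
    }
}

Get-DriverPatchState -Path $DriverPath -Fixed $FixedVersion
```

A `Vulnerable` result on an air-gapped host means the update has to be delivered manually; a signature status other than `Valid` warrants a closer look at the file regardless of its version.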
It’s a known fact that coordinated disclosure is a great way of preventing risks from falling into the hands of attackers. Experts have a bug bounty program that they encourage you to join.
Source credit : cybersecuritynews.com