Avast has decided to disable a major comportment of its antivirus software after a security researcher discovered a dangerous vulnerability that could put all of the company’s users at risk.
In a GitHub page containing the tool he used to analyze the company’s antivirus software, Ormandy explained just how serious the security flaw is, saying:
“Despite being highly privileged and processing untrusted input by design, it is unsandboxed and has poor mitigation coverage. Any vulnerabilities in this process are critical, and easily accessible to remote attackers.”
Due to the fact that most antivirus software has system level access, once Avast antivirus downloaded one of these malicious files into its own custom engine, an attacker could easily execute malicious operations on a user’s computer. For instance, if an attacker exploited this security flaw, they would then have the ability to install malware on an Avast user’s device.
As of now, there is no news as to when a patch will be ready but Avast did reach out to ZDNet with the following comment, which reads:
“Last Wednesday, March 4, Google vulnerability researcher Tavis Ormandy reported a vulnerability to us affecting one of our emulators. The vulnerability could have potentially been abused to carry out remote code execution. On March 9, he released a tool to greatly simplify vulnerability analysis in the emulator. We have fixed this by disabling the emulator, to ensure our hundreds of millions of users are protected from any attacks. This won’t affect the functionality of our AV product, which is based on multiple security layers.”