Project Zero specialist Tavis Ormandy discovered a dangerous vulnerability in Avast antivirus. The problem affects the JavaScript engine of the company’s antivirus, which is used to analyze JavaScript code for malware before it can be executed in the browser or email client.

Ormandy writes that any vulnerabilities in this process are critical and easy for remote attackers to exploit. By default, the JavaScript engine does not run in a sandbox.

At the beginning of this week, the expert released the tool he used to analyze Avast antivirus and described the problem he had found. It turned out that it was enough to send a malicious JS or WSH file to an Avast user by e-mail, or to trick the victim into accessing malicious JavaScript. When the antivirus then downloads and runs the malicious JavaScript code inside its own custom engine, malicious operations are performed on the computer with SYSTEM-level permissions (for example, malware can be installed on the system).

Although Ormandy notified Avast engineers about the problem a week ago, there is still no patch for the vulnerability. Instead, the antivirus developers decided to temporarily disable the JavaScript antivirus scan option until a fix is ready.

“Last Wednesday, March 4, an expert from Google, Tavis Ormandy, informed us of a vulnerability affecting one of our emulators. The vulnerability could potentially be used for remote code execution. On March 9, he released a tool that greatly simplified vulnerability analysis in the emulator.
We fixed the [problem] by disabling the emulator to provide hundreds of millions of our users with protection against any attacks. This will not affect the functionality of our product, based on several security levels,” Avast developers told ZDNet.
