The Antivirus maker Avast has disabled a major component of its antivirus engine to address a severe vulnerability that would have allowed attackers to hack into users’ PCs.
The issue was discovered by the popular white-hat hacker and Google vulnerability researcher Tavis Ormandy, it resides in the Avast’s JavaScript engine, which is an internal component of the popular antivirus.
Wow – Avast decided to disable their JavaScript interpreter globally!
— Tavis Ormandy (@taviso) March 11, 2020
The vulnerability report they mention wasn't just me, it was a Project Zero collaboration with @natashenka
I think this is the right decision, it was a *lot* of attack surface. https://t.co/iFyry17HD0
The Avast’s JavaScript engine is used to analyze JavaScript code to detect malicious code before it is
Ormandy pointed out that the main Avast antivirus process, AvastSvc.exe, which, runs as SYSTEM.
The service loads the low level antivirus engine, and analyzes
“Despite being highly privileged and processing ”
The vulnerability researcher also released a tool that he used in his tests.
I have something fun for you, I pulled the javascript interpreter out of Avast and ported it to Linux
— Tavis Ormandy (@taviso) March 9, 2020
This runs unsandboxed as SYSTEM, any vulns are wormable pre-auth RCE on 400M endpoints ¯_(ツ)_/¯https://t.co/vGrfke7fPdpic.twitter.com/gk1VpvHQ16
Ormandy explained that this flaw is trivial to exploit, an attacker could trigger it by sending to a user running the flawed antivirus a malicious JS or WSH file via email, or tricking the victims into accessing a specially-crafted that contains
The Avast antivirus would download and run the malicious JavaScript code inside its engine, allowing the execution of arbitrary code on the target computer with SYSTEM-level access.
At the time of writing, the antivirus maker has yet to address the bug with a specific patch, it only mitigated the problem by disabling the antivirus’ JavaScript component.
In a statement Avast sent to ZDNet, the antivirus maker confirmed that the mitigation action it
We have fixed this by disabling the emulator, to ensure our hundreds of millions of users are protected from any attacks. This won’t affect the functionality of our AV product, which is based on multiple security layers.” reads the statement released by the security firm.
[adrotate banner=”9″] | [adrotate banner=”12″] |
(
[adrotate banner=”5″]
[adrotate banner=”13″]