McAfee, Kaspersky and AVG Anti-virus Softwares Vulnerable
Posted by: Timothy Weaver on 12/14/2015 10:41 AM
[
Comments
]
Kaspersky, McAfee and AVG have all been shown to have a significant vulnerability by enSilo, the Israel-based cyber-security startup.
These giants of the enterprise antivirus software game were all subject to the same coding issue. The softwares would allocate memory for read and write, as well as execute permissions with an address that an attacker could easily predict and then proceed to inject code into the target system.
Tomer Bitton, vice president of research at enSilo, wrote in a recent blog post, “The enSilo product alerted on a product collision with AVG, also installed in the customer's environment. A follow-up investigation conducted by our researchers revealed a flaw in AVG.”
Bitton described what he saw as the essential problem: “The anti-virus companies adopted a coding malpractice which essentially defeats Windows' mitigations against application exploitation.” This meant that the anti-virus products could conceivably become an “attacker's vehicle into taking complete control of the underlying Windows system”.
enSilo has released a tool that will tell if a system is vulnerable. Bitton said that the problem probably is not isolated to anti-virus software: “Due to the prevalence of this issue in anti-virus products, we can assume that this issue is replicated across other intrusive applications.”
Kaspersky said that they had released a patch in September. “The vulnerability couldn't be exploited by itself with code execution and privilege escalation, but could have simplified the exploitation of 3rd party application vulnerabilities, such as stack based buffer-overflow,” it said.
McAfee also commented that, "Intel Security takes the integrity of our products very seriously. Upon learning of this particular issue, we quickly evaluated the researchers' claims and took action to develop and distribute a solution addressing it. This solution was distributed to customers in a patch on August 26, 2015. We are not aware of any customers targeted with an exploit of the issue in question."
Source: SCMagazine
These giants of the enterprise antivirus software game were all subject to the same coding issue. The softwares would allocate memory for read and write, as well as execute permissions with an address that an attacker could easily predict and then proceed to inject code into the target system.
Tomer Bitton, vice president of research at enSilo, wrote in a recent blog post, “The enSilo product alerted on a product collision with AVG, also installed in the customer's environment. A follow-up investigation conducted by our researchers revealed a flaw in AVG.”
Bitton described what he saw as the essential problem: “The anti-virus companies adopted a coding malpractice which essentially defeats Windows' mitigations against application exploitation.” This meant that the anti-virus products could conceivably become an “attacker's vehicle into taking complete control of the underlying Windows system”.
enSilo has released a tool that will tell if a system is vulnerable. Bitton said that the problem probably is not isolated to anti-virus software: “Due to the prevalence of this issue in anti-virus products, we can assume that this issue is replicated across other intrusive applications.”
Kaspersky said that they had released a patch in September. “The vulnerability couldn't be exploited by itself with code execution and privilege escalation, but could have simplified the exploitation of 3rd party application vulnerabilities, such as stack based buffer-overflow,” it said.
McAfee also commented that, "Intel Security takes the integrity of our products very seriously. Upon learning of this particular issue, we quickly evaluated the researchers' claims and took action to develop and distribute a solution addressing it. This solution was distributed to customers in a patch on August 26, 2015. We are not aware of any customers targeted with an exploit of the issue in question."
Source: SCMagazine
Comments
