Members
  • Total Members: 12816
  • Latest: t114563
Stats
  • Total Posts: 28524
  • Total Topics: 8240
  • Online Today: 922
  • Online Ever: 51419
  • (01. January 2010., 10:27:49)












Author Topic: Kaspersky, AVG & McAfee compromised by a serious security flaw!  (Read 603 times)

0 Members and 1 Guest are viewing this topic.

Samker

  • SCF Administrator
  • *****
  • Posts: 7206
  • KARMA: 291
  • Gender: Male
  • Whatever doesn't kill us makes us stronger.
    • SCforum.info - Samker's Computer Forum


Some of the biggest names in the security software business have been compromised by a serious flaw that could allow a hacker to use the commercial security code to infiltrate computers.

In March, researchers at security firm enSilo found a serious flaw in popular free antivirus engine AVG Internet Security 2015. They found that the software was allocating memory for read, write, and execute (RWX) permissions in a predictable address that an attacker could use to inject code into a target system.

enSilo got in touch with AVG and the flaw was fixed within a couple of days. But the team then went through other security suites and found that McAfee VirusScan Enterprise version 8.8 and Kaspersky Total Security 2015 were also vulnerable.

"We'll continue updating this list as we receive more information," said Tomer Bitton, VP of research at enSilo, in a blog post: http://blog.ensilo.com/the-av-vulnerability-that-bypasses-mitigations

"Given that this is a repetitive coding issue amongst Anti-Virus – an intrusive product, we believe that this vulnerability is also likely to appear in other intrusive products, non-security related, such as application-performing products."

This isn't a theoretical attack vector. Google's in-house hacker Tavis Ormandy found a similar issue with Kaspersky and wrote a blog post detailing how to exploit the problem: http://googleprojectzero.blogspot.co.il/2015/09/kaspersky-mo-unpackers-mo-problems.html

Given the possible widespread nature of the problem, enSilo has created a free checking utility called "AVulnerabilityChecker" and stuck it on Github for anyone to use: https://github.com/BreakingMalware/AVulnerabilityChecker
Intel, owner of McAfee, and Kaspersky have now fixed the issue, but users are advised to check that they have all the latest updates.

(ElReg)

Samker's Computer Forum - SCforum.info





 

With Quick-Reply you can write a post when viewing a topic without loading a new page. You can still use bulletin board code and smileys as you would in a normal post.

Name: Email:
Verification:
Type the letters shown in the picture
Listen to the letters / Request another image
Type the letters shown in the picture:
Second Anti-Bot trap, type or simply copy-paste below (only the red letters):www.scforum.info:

Enter your email address to receive daily email with 'SCforum.info - Samker's Computer Forum' newest content:

Terms of Use | Privacy Policy | Advertising