CONFERENCE NOW LIVE: Threat Detection & Incident Response (TDIR) Summit - Join the Event In-Progress
Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Endpoint Security

Flaws in Avast, AVG Antiviruses Could Have Facilitated Attacks on Millions of Devices

Researchers at endpoint security firm SentinelOne have discovered two potentially serious vulnerabilities in antivirus products from Avast and AVG.

Researchers at endpoint security firm SentinelOne have discovered two potentially serious vulnerabilities in antivirus products from Avast and AVG.

According to SentinelOne, the two vulnerabilities, tracked as CVE-2022-26522 and CVE-2022-26523, impacted both Avast and AVG antiviruses — Avast acquired AVG in 2016 and the flaws affect a shared anti-rootkit driver.

The security holes were reported to Avast in December and they were patched in February with the release of version 22.1.

Both SentinelOne and Avast said they have not seen any attacks exploiting these vulnerabilities.

“Avast and AVG users were automatically updated and are protected against any risk of exploitation, although we have not seen the vulnerabilities abused in the wild. We recommend our Avast and AVG users constantly update their software to the latest version to be protected,” Avast told SecurityWeek in a statement.

“Coordinated disclosure is an excellent way of preventing risks from manifesting into attacks, and we encourage participation in our bug bounty program,” the antivirus firm added.

However, SentinelOne pointed out that air-gapped or on-premises installations that are not automatically updated could still be vulnerable, and users have been advised to ensure that the patches are installed as soon as possible.

CVE-2022-26522 and CVE-2022-26523 appear to have been introduced with the release of Avast 12.1 in January 2012.

Advertisement. Scroll to continue reading.

Considering that the flaws have been present in the Avast antivirus for a decade, SentinelOne estimates that millions of users were at risk, and warned that malicious actors could still seek out those users whose antiviruses may not have been updated.

SentinelOne has released technical details for both vulnerabilities, which have been rated “high severity” and which allow an attacker with limited privileges on the targeted system to execute code in kernel mode and take complete control of the device.

“Due to the nature of these vulnerabilities, they can be triggered from sandboxes and might be exploitable in contexts other than just local privilege escalation. For example, the vulnerabilities could be exploited as part of a second stage browser attack or to perform a sandbox escape, among other possibilities,” SentinelOne said.

The company added, “Among the obvious abuses of such vulnerabilities are that they could be used to bypass security products.”

Related: High-Severity Dell Driver Vulnerabilities Impact Hundreds of Millions of Devices

Related: Vulnerability Prompts Avast to Disable Emulator Used by Antivirus

Related: ESET Patches High-Severity Vulnerability in Windows Applications

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this event as we dive into threat hunting tools and frameworks, and explore value of threat intelligence data in the defender’s security stack.

Register

Learn how integrating BAS and Automated Penetration Testing empowers security teams to quickly identify and validate threats, enabling prompt response and remediation.

Register

People on the Move

Jeremy Koppen has left Mandiant after 13 years to become the CISO of Equifax.

Engineering and technology solutions provider Amentum has appointed Max Shier as its CISO.

PAM provider Keeper Security has appointed Shane Barney as its Chief Information Security Officer.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.