Google’s Project Zero engineer Tavis Ormandy has recently found a serious zero-day in Avast antivirus. Last month he found some in the famous Kaspersky antivirus. According to Ormandy,the bug implemented itself when the user visited web pages through https connection. Because the Avast antivirus would tap into encrypted traffic so it could scan for threats but was using a faulty method for parsing X.509 certificates, this would have allowed attackers (if aware of the issue) to execute code on the users’ computer. The only condition was that users would access a malicious HTTPS website, which is not such a far-fetched scenario for phishers. Ormandy released a proof-of-concept on Project Zero’s Google Group after the antivirus company issued a fix. This is not the first time that antivirus has been found Vulnerable to attacks. Almost a month ago, similar issues were found in Kaspersky antivirus which could lead an attacker to gain administrator privileges on a victim’s computer. Same was the case with FireEye’s antivirus engine. It had a zero-day that provided unauthorized remote root file system access, a flaw found in a PHP script that runs on a Web-facing Apache server. It is good news that none of these have been maliciously exploited yet.Avast has announced that they have released a patch by an update of virus definitions.
