Friday, 2 October 2015

Avast Close Criticism SSL Vulnerability In Anti-Virus Software

The Czech anti-virus company Avast has a critical vulnerability in the anti-virus software patched it was discovered by a researcher from Google and which allowed an attacker to execute arbitrary code by users. The problem arose in Web Shield, part of the anti-virus software.

The virus Avast scans the contents of this web traffic. To be able to check via HTTPS encrypted traffic install the anti-virus software an own root certificate. A controversial practice that was also used by the Super Fish-adware. The way Avast this had been implemented made ​​it possible for websites to execute arbitrary code on the system remotely via a specially crafted SSL certificate.

The vulnerability was discovered by Google researcher Tavis Ormandy, who also significant problems in the anti-virus software from Sophos, ESET and Kaspersky Lab discovered. Ormandy warned Avast on September 25 and yesterday evening the virus fighter rolled an update for the problem. The researcher shows via Twitter, however, know that there are still more arrive.

No comments:

Post a Comment