Researchers at cybersecurity software company SentinelOne reported two high-severity bugs in Avast and AVG antivirus products that have gone undetected for a decade.
The researchers said the flaws have existed since 2012, and could have affected "dozens of millions of users worldwide."
They found the bugs in the Avast Anti Rootkit driver, and the first vulnerability resided in a socket connection handler used by the kernel driver aswArPot.sys; hackers could hijack a variable during routine operations to escalate privileges, potentially disable security solutions, or meddle with target operating systems.
The researchers described the second bug as "very similar" to the first, and rooted in the aswArPot+0xc4a3 function.
Sentinel Labs on Dec. 20 informed Avast of the vulnerabilities, and the company had patched them by Feb. 11, with no active exploitation in the wild indicated.
View Full Article
Abstracts Copyright © 2022 SmithBucklin, Washington, DC, USA