1. Computing

Another flaw discovered in a security software product — this time it’s Avast

By

workplace engagement mobility avast offices logo sign hq headquarters
Dangerous flaws have been discovered in the Avast SafeZone browser by antivirus provider Avast, making it the next in a long line of security companies recently that have had vulnerabilities found in their products.

Avast SafeZone, also known as Avastium, is based on the open source Chromium browser and comes with Avast’s subscription to its antivirus software.

Last December, Google Project Zero security researcher Tavis Ormandy notified the company of flaws he found in the browser that could allow an attacker to access stored passwords and local files. He made his notification public this week.

According to Ormandy, a user can fall prey to someone accessing their browser if they click on a malicious website set up by the attacker. Ormandy created a proof of concept attack that could exploit someone’s C:/ drive and access files. He also discovered that Avast’s browser had removed a “critical security check” from Chromium that would help in preventing these kinds of attacks.

“Putting this all together, if an Avast user using *any* Web browser visits an attacker controlled URL, he can launch Avastium and take complete control of it; reading files, cookies, passwords, everything,” said Ormandy. “He can even take control of authenticated sessions and read email, interact with online banking, etc.”

Avast published a patch for the vulnerability this week after Ormandy gave a 90-day period before going public.

Ormandy has been busy of late discovering holes and bugs in security software. This week he went public with flaws in Comodo’s browser, which is also based on Chromium while before that he published research into Malwarebytes that showed it was susceptible to man in the middle attacks.

Several antivirus and security vendors have come under scrutiny in the last few weeks for flaws in their software. Kaspersky Lab, McAfee, and AVG all had flaws discovered in their software recently.

Editors' Recommendations

Oculus Quest 2 refresh has more storage, costs the same

vr workouts distractions keep you fit opinion oculus quest 2 virtual reality headset 3 of 4

How to block text messages on iOS and Android

how to block text messages

Apple iPhone 13 vs. iPhone 12: What are the big differences?

Person using the all new iPhone 13.

Battlefield 2042’s delay shows how much Cyberpunk 2077 scared publishers

A helicopter flies over tanks in Battlefield 2042.

You won’t believe how cheap this 27-inch monitor is today

The 27-inch Dell S2721H monitor with a nature scene on the screen.

Every major video game delay that’s happened in 2021 already

A World War 2 plane flies over Battlefield 2042's robots.

Turbo Overkill is Doom meets Titanfall meets … chainsaw leg?

The player is leaping down onto a rooftop, firing rockets as they go.

The Apple Watch Series 7 rumors were wrong, and here’s why I’m glad they were

Apple Watch Series 7 sleep data.

This powerful solar generator is down to $180 at Amazon today

FF Flashfish 300W Solar Generator on a white background.

AirPods, Apple Watch, iPad just got MAJOR price cuts at Amazon

The Apple AirPods Pro inside their wireless charging case.

Dreaming of an OLED TV? This 55-inch 4K TV deal will make it a reality

LG 55-inch C1 4K TV on a white background.

This is the cheapest (good) 43-inch 4K TV you can buy today

50 inch tcl 4 series 4k tv deal best buy black friday 2020 featured image large

This top-rated emergency solar generator is only $245 today

Progeny 300W Portable Power Station on a white background.