Antivirus maker Avast disabled the JavaScript engine, a major component of its antivirus product, after Tavis Ormandy, an information security specialist at Google Project Zero, detected a dangerous vulnerability in the Czech antivirus.
The problem affects the JavaScript engine of the company’s antivirus, which is used to analyze JavaScript code for malware before it can be executed in the browser or email client. “Any vulnerabilities in this process are critical and easy to exploit for remote attackers. And by default, the JavaScript engine does not function in the sandbox,” writes the researcher.
At the beginning of this week, the expert unveiled a tool that he used to analyze Avast antivirus, and described the detected problem. It turned out that it was enough to send a malicious JS or WSH file to an Avast user by e-mail, or to trick the victim into accessing malicious JavaScript.
As a result, when the antivirus downloads and runs malicious JavaScript code inside its own custom engine, malicious operations are performed on the computer with SYSTEM-level permissions (for example, malware can be installed on the system).
Although Ormandy notified Avast engineers about the problem a week ago, there is still no patch for the vulnerability. However, the antivirus developers decided to temporarily disable the JavaScript anti-virus scan option until a fix is ready.
“Last Wednesday, March 4, an expert from Google, Tavis Ormandy, informed us of a vulnerability affecting one of our emulators. The vulnerability could potentially be used for remote code execution. On March 9, he released a tool that greatly simplified vulnerability analysis in the emulator. We fixed the [problem] by disabling the emulator to provide hundreds of millions of our users with protection against any attacks. This will not affect the functionality of our product, based on several security levels,” Avast developers told ZDNet.
Ormandy discovered the Avast antivirus bug using a tool he developed in 2017, which allows him to port Windows DLL files to Linux, where automated fuzzing and other security tests can be carried out more easily.
It seems that Avast Antivirus is a contender for the title of the most compromised information security product of the year. Only recently, we wrote about a scandal in which the media accused the Czech antivirus of selling user data. Consider interesting alternatives for now.