Critical security vulnerability detected in top antivirus apps

After analyzing several antiviruses over the last two years, RACK911 Labs found that 28 of the most popular programs, including Microsoft Defender, McAfee Endpoint Security, and Malwarebytes, either suffer or have suffered from common symlink race bugs.

The vulnerability, which has been described as a 'very real and old problem', works across Windows, macOS, and Linux machines, ZDNet reported.

According to the researchers, symlink race bugs can be exploited in the interval between scanning a file for viruses and actually removing it.

Basically, during this short window, an attacker could use symbolic links and directory junctions to link malicious files with legitimate ones.

This way, the malicious file is replaced with a mixed 'symlink' on the PC.

Once an attacker manages to create a symlink on your PC, they could use it to execute malicious actions without coming under the radar of the antivirus in use.

If the symlink is created by linking a malicious files with a higher-privilege item, the attacker could carry out Elevation-of-Privilege attacks, deleting files used by the operating system and, therefore, rendering it unusable.

The researchers notified all the antivirus vendors whose products were found to be vulnerable to symlink bugs.

Most of them, the company says, have issued patches for the glitch, but some unnamed ones still remain unfixed.

That said, for now, the best way to avoid this attack is to have your antivirus system and its databases updated.