Critical security vulnerability detected in top antivirus apps
From Kaspersky to Quick Heal, all antivirus programs take out malicious programs well before they compromise the whole PC. They all work swiftly. But if a new report from security researchers at RACK911 Labs is anything to go by, antivirus programs themselves often suffer from vulnerabilities that can leave your entire system unusable. Here's all you need to know about it.
28 programs found vulnerable to symlink race bugs
After analyzing several antiviruses over the last two years, RACK911 Labs found that 28 of the most popular programs, including Microsoft Defender, McAfee Endpoint Security, and Malwarebytes, either suffer or have suffered from common symlink race bugs. The vulnerability, which has been described as a 'very real and old problem', works across Windows, macOS, and Linux machines, ZDNet reported.
So, what do these bugs do?
According to the researchers, symlink race bugs can be exploited in the interval between scanning a file for viruses and actually removing it. During this short window, an attacker could use symbolic links and directory junctions to link malicious files with legitimate ones. This way, the malicious file is replaced with a 'symlink' on the PC.
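How a scanner can close that scan-to-removal window, as an added example (not code from RACK911 Labs or any antivirus vendor): the directory is pinned with a descriptor, the file is opened without following links, and removal happens only if the name still refers to the same regular file. It assumes a POSIX system; all function names, file names and the signature are hypothetical, and the swap is simulated with a test hook.

```python
import os
import stat
import tempfile

SIGNATURE = b"CONSTRUCTED-TEST-SIGNATURE"  # stand-in for a real detection

def open_for_scan(dir_fd, name):
    # O_NOFOLLOW: fail rather than follow a symlink in the final component.
    fd = os.open(name, os.O_RDONLY | os.O_NOFOLLOW, dir_fd=dir_fd)
    if not stat.S_ISREG(os.fstat(fd).st_mode):
        os.close(fd)
        raise ValueError(f"{name}: not a regular file")
    return fd  # caller keeps it open so the inode cannot be freed and reused

def remove_if_unchanged(dir_fd, name, fd):
    """Unlink name only if it is still the regular file behind fd."""
    scanned = os.fstat(fd)
    current = os.stat(name, dir_fd=dir_fd, follow_symlinks=False)
    same = (current.st_dev, current.st_ino) == (scanned.st_dev, scanned.st_ino)
    if not (stat.S_ISREG(current.st_mode) and same):
        return False  # replaced since the scan: leave it and report
    os.unlink(name, dir_fd=dir_fd)  # resolved relative to the pinned directory
    return True

def scan_and_remove(dir_fd, name, between=lambda: None):
    fd = open_for_scan(dir_fd, name)
    try:
        flagged = SIGNATURE in os.read(fd, 1 << 20)
        between()  # test hook standing in for the scan-to-removal window
        return flagged and remove_if_unchanged(dir_fd, name, fd)
    finally:
        os.close(fd)

def demo():
    with tempfile.TemporaryDirectory() as root:
        protected, a, b = (os.path.join(root, n) for n in ("keep.cfg", "dl/a.bin", "dl/b.bin"))
        os.mkdir(os.path.join(root, "dl"))
        for path in (protected, a, b):
            with open(path, "wb") as f:
                f.write(SIGNATURE)
        def swap():  # constructed: the entry becomes a symlink after the scan
            os.remove(a)
            os.symlink(protected, a)
        dir_fd = os.open(os.path.join(root, "dl"), os.O_RDONLY | os.O_DIRECTORY | os.O_NOFOLLOW)
        try:
            removed_b = scan_and_remove(dir_fd, "b.bin")
            removed_a = scan_and_remove(dir_fd, "a.bin", between=swap)
            return removed_b, removed_a, os.path.exists(protected), os.path.lexists(b)
        finally:
            os.close(dir_fd)
```

A small gap remains between the re-check and the unlink, but the unlink acts on a name inside the pinned directory and never follows a link, so a swap cannot redirect the deletion to a file elsewhere.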
Then, the attacker can crash your PC
Once an attacker manages to create a symlink on your PC, they could use it to carry out malicious actions without being noticed by the antivirus in use. If the symlink is created by linking a malicious file with a higher-privilege item, the attacker could carry out elevation-of-privilege attacks, deleting files used by the operating system and thereby rendering it unusable.
Most vendors informed, patches issued
The researchers notified all the antivirus vendors whose products were found to be vulnerable to symlink bugs. Most of them, the company says, have issued patches for the glitch, but some unnamed ones remain unfixed. For now, the best way to avoid this attack is to keep your antivirus and its databases updated.