Date: 2020-04-27

From Kaspersky to Quick Heal, all antivirus programs take out malicious programs well before they compromise the whole PC. They all work swiftly. But, if a new report from security researchers at RACK911 Labs is anything to go by, antivirus programs themselves often suffer from vulnerabilities that can leave your entire system unusable. Here's all you need to know about it.

Issue: 28 programs found vulnerable to symlink race bugs

After analyzing several antiviruses over the last two years, RACK911 Labs found that 28 of the most popular programs, including Microsoft Defender, McAfee Endpoint Security, and Malwarebytes, either suffer or have suffered from common symlink race bugs. The vulnerability, which has been described as a 'very real and old problem', works across Windows, macOS, and Linux machines, ZDNet reported.

Impact: So, what do these bugs do?

According to the researchers, symlink race bugs can be exploited in the interval between scanning a file for viruses and actually removing it. During this short window, an attacker could use symbolic links and directory junctions to link malicious files with legitimate ones. In effect, the malicious file on the PC is replaced with a 'symlink' tied to a legitimate file.

Risk: Then, the attacker can crash your PC

Once an attacker manages to create a symlink on your PC, they could use it to execute malicious actions without being detected by the antivirus in use. If the symlink is created by linking a malicious file with a higher-privilege item, the attacker could carry out elevation-of-privilege attacks, deleting files used by the operating system and, therefore, rendering it unusable.
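To make the scan-then-remove window concrete from the defender's side, here is an added example (not code from RACK911 Labs or any antivirus vendor) that contrasts removal by path with removal through a pinned directory descriptor on POSIX systems. The function names, the `between` hook and the temp-directory scenario are assumptions made for illustration.

```python
import os, stat, tempfile

def remove_by_path(path):
    # At-risk pattern: the full path is resolved again at removal time, so a
    # parent directory swapped for a link redirects the privileged delete.
    os.unlink(path)

def scan_and_remove(dir_path, name, is_malicious, between=lambda: None):
    """Scan and remove `name` through one pinned directory descriptor.
    `between` is a hypothetical hook standing in for the scan-to-removal delay."""
    dir_fd = os.open(dir_path, os.O_RDONLY | os.O_DIRECTORY | os.O_NOFOLLOW)
    fd = -1
    try:
        # O_NOFOLLOW: refuse to scan through a link in the final component.
        fd = os.open(name, os.O_RDONLY | os.O_NOFOLLOW, dir_fd=dir_fd)
        scanned = os.fstat(fd)
        if not stat.S_ISREG(scanned.st_mode) or not is_malicious(os.read(fd, 1 << 20)):
            return False
        between()
        # Re-check identity without following links; fd stays open so the
        # inode number cannot be recycled for a different object.
        now = os.stat(name, dir_fd=dir_fd, follow_symlinks=False)
        if (now.st_dev, now.st_ino) != (scanned.st_dev, scanned.st_ino):
            return False
        os.unlink(name, dir_fd=dir_fd)  # unlinkat() relative to the pinned dir
        return True
    finally:
        if fd >= 0:
            os.close(fd)
        os.close(dir_fd)

def demo():
    """Constructed scenario in a temp dir: the scanned directory is renamed and
    replaced by a link to a 'protected' directory during the window."""
    root = tempfile.mkdtemp()
    work, protected = os.path.join(root, "work"), os.path.join(root, "protected")
    for d, data in ((work, b"FLAGGED-SAMPLE"), (protected, b"system data")):
        os.mkdir(d)
        with open(os.path.join(d, "f.bin"), "wb") as fh:
            fh.write(data)
    def swap():
        os.rename(work, work + ".old")
        os.symlink(protected, work)
    removed = scan_and_remove(work, "f.bin", lambda b: b.startswith(b"FLAGGED"), swap)
    return (removed, os.path.exists(os.path.join(protected, "f.bin")),
            os.path.exists(os.path.join(work + ".old", "f.bin")))

if __name__ == "__main__":
    print(demo())
```

Because the descriptor refers to the directory object itself, the removal lands on the file that was scanned even after the path has been repointed, and the file in the protected directory is left alone.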

Fix: Most vendors informed, patches issued