Google security expert Tavis Ormandy found a 0day vulnerability in Avast antivirus that could allow an attacker to break into a user's computer and execute malicious code on it.
Tavis Ormandy recently found a serious 0day vulnerability in Avast antivirus software. Just last month, he also discovered the 0day vulnerability in Kaspersky. According to Ormandy's research, the newly discovered 0day vulnerability is triggered automatically when a user accesses a web page over HTTPS.
Discovery of Avast 0day Vulnerability
Avast scans encrypted traffic for threats, and the way it parses certificates while doing so is flawed, which gives an attacker an opening. An attacker who is aware of the problem could exploit the vulnerability to execute code on the user's computer.
Because of the way Avast inspects HTTPS, the attack scenario is nothing more than a user visiting a malicious HTTPS web page, although from the point of view of phishing pages this is more far-fetched.
Avast is not the only antivirus company with 0day vulnerabilities; Kaspersky and FireEye have had them too
This is not the first time antivirus companies have been found to have security vulnerabilities. Just one month ago, the same problem appeared in Kaspersky, where a vulnerability could lead to an attacker gaining an administrator-privileged account on the victim's computer.
Coincidentally, FireEye antivirus software also has a 0day vulnerability that gives an attacker unauthorized access to the system root directory; the vulnerability was found in a PHP script running on the Apache server.
At present, none of the above vulnerabilities has been exploited maliciously, which is good news. Avast has also announced a patch that fixes the issue in its antivirus software.
Serious 0day vulnerability exposed in Avast antivirus software