![]() SentinelOne has released technical details for both vulnerabilities, which have been rated “high severity” and which allow an attacker with limited privileges on the targeted system to execute code in kernel mode and take complete control of the device. However, SentinelOne pointed out that air-gapped or on-premises installations that are not automatically updated could still be vulnerable, and users have been advised to ensure that the patches are installed as soon as possible.ĬVE-2022-26522 and CVE-2022-26523 appear to have been introduced with the release of Avast 12.1 in January 2012.Ĭonsidering that the flaws have been present in the Avast antivirus for a decade, SentinelOne estimates that millions of users were at risk, and warned that malicious actors could still seek out those users whose antiviruses may not have been updated. “Coordinated disclosure is an excellent way of preventing risks from manifesting into attacks, and we encourage participation in our bug bounty program,” the antivirus firm added. We recommend our Avast and AVG users constantly update their software to the latest version to be protected,” Avast told SecurityWeek in a statement. “Avast and AVG users were automatically updated and are protected against any risk of exploitation, although we have not seen the vulnerabilities abused in the wild. The security holes were reported to Avast in December and they were patched in February with the release of version 22.1.īoth SentinelOne and Avast said they have not seen any attacks exploiting these vulnerabilities. ![]() ![]() ![]() Researchers at endpoint security firm SentinelOne have discovered two potentially serious vulnerabilities in antivirus products from Avast and AVG.Īccording to SentinelOne, the two vulnerabilities, tracked as CVE-2022-26522 and CVE-2022-26523, impacted both Avast and AVG antiviruses - Avast acquired AVG in 2016 and the flaws affect a shared anti-rootkit driver. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |