Avast recently disclosed a security breach targeting its CCleaner app. Now the company is in the news again because of a security vulnerability: a researcher found an XSS vulnerability in the Avast Desktop Antivirus for Windows, and the report earned him a sizeable bounty.
XSS Vulnerability In Avast Desktop Antivirus
In a Medium blog post, a security researcher described an XSS vulnerability in the Avast Desktop Antivirus that he discovered earlier this year. According to his findings, an attacker could trigger the vulnerability simply through a WiFi SSID.
In brief, he found that an attacker could embed a malicious payload in an SSID. If a Windows device running Avast antivirus then connected to that network, the antivirus would execute the XSS payload.
The exploit worked because of a feature in the Avast antivirus for Windows: by default, the program displayed a pop-up notification whenever the device attempted to connect to a WiFi network. The pop-up rendered the SSID without sanitization, so an attacker who put a payload into the SSID got it executed when the notification was displayed. Since an SSID is limited to 32 bytes, the payload had to be compact, but that is plenty for a script tag or an event-handler attribute.
Once the script ran, the pop-up would display a fake login prompt crafted by the attacker. Because the notification shows no URL, the victim would be more likely to trust it and enter their login credentials.
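To make the bug class concrete, here is an added example (not Avast's code, and not the researcher's payload, which this page does not reproduce) that models a notification built from HTML with the SSID concatenated in. The vulnerable builder, the hardened builder, the 32-octet SSID length check and the demo SSID are all constructed for illustration; the only thing taken from the real world is the 802.11 limit of 32 octets per SSID.

```javascript
// Added example: models the "SSID rendered without sanitization" bug.
// Nothing here is Avast's code; names and the demo payload are constructed.

// IEEE 802.11 limits an SSID to 32 octets, so any payload must fit that budget.
const SSID_MAX_OCTETS = 32;

function ssidFitsLimit(ssid) {
  return Buffer.byteLength(ssid, "utf8") <= SSID_MAX_OCTETS;
}

// Vulnerable pattern: the untrusted SSID is spliced straight into markup,
// so any tag or attribute in the SSID becomes part of the notification DOM.
function buildNotificationVulnerable(ssid) {
  return `<div class="wifi-toast">Connected to <b>${ssid}</b></div>`;
}

// Hardened pattern: escape the five HTML-significant characters before
// insertion (equivalent to assigning through textContent in a real DOM).
function escapeHtml(s) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return s.replace(/[&<>"']/g, (c) => map[c]);
}

function buildNotificationSafe(ssid) {
  return `<div class="wifi-toast">Connected to <b>${escapeHtml(ssid)}</b></div>`;
}

// Check: does the rendered markup contain any tag other than the ones the
// template itself wrote? If so, the SSID injected markup.
function containsInjectedTag(html) {
  const tags = html.match(/<\/?[a-zA-Z][\w-]*/g) || [];
  const allowed = new Set(["<div", "</div", "<b", "</b"]);
  return tags.some((t) => !allowed.has(t));
}

// Constructed demo SSID: 28 bytes, so it fits inside a real SSID.
const DEMO_SSID = "<img src=x onerror=alert(1)>";

function demo() {
  return {
    fits: ssidFitsLimit(DEMO_SSID),
    vulnerableInjected: containsInjectedTag(buildNotificationVulnerable(DEMO_SSID)),
    safeInjected: containsInjectedTag(buildNotificationSafe(DEMO_SSID)),
  };
}

console.log(demo());
```

Running it prints an object where `vulnerableInjected` is true and `safeInjected` is false: the same SSID that lands an `<img>` tag in the unescaped notification is rendered as inert text once it is escaped. The check function is deliberately crude; in a real notification component the fix is to never build markup from the SSID at all and to set it through a text node.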
For further clarification, the researcher demonstrated the attack in the following video.
Avast Awarded $5000 Bounty
After discovering the vulnerability, the researcher, YoKo Kho, reported it to Avast. The firm promptly acknowledged the flaw and later confirmed it as a serious vulnerability.
Subsequently, Avast awarded a bounty of $5000 to the researcher!
The vulnerability affected not only Avast but also AVG, and the flaws received the CVE numbers CVE-2019-18653 for Avast and CVE-2019-18654 for AVG.
Avast fixed the vulnerability in the release of Avast 19.4.
We recently reported on a privilege escalation vulnerability in Bitdefender Antivirus Free 2020 and on one in Comodo Antivirus, and Android antivirus apps are no exception to such vulnerabilities either.