Multiple antivirus apps are vulnerable to common security flaws

At least 28 apps were exposed until recent fixes.

Sponsored Links

Man installing software in laptop in dark at night. Hacker loading illegal program or guy downloading files. Cyber security, piracy or virus concept.
Tero Vesalainen via Getty Images

Some antivirus tools are more resilient than others, but it appears that many of them had weaknesses in common. Rack911 Labs has revealed (via ZDNet) that 28 well-known antivirus programs, including Microsoft Defender, McAfee Endpoint Security and Malwarebytes, either had or have bugs that would let attackers delete necessary files and prompt crashes that could be used to install malware. Known as “symlink races,” they use symbolic links and directory junctions to link malicious files to legitimate ones during the time between scanning a file for viruses and when it’s removed.

The approach not only works across security suites, but across platforms. You just need different techniques on Linux PCs and Macs, Rack911 said.

Intruders would still need to download and run the necessary code before launching a symlink race, so this is more of a tool to facilitate an existing breach than start it. Researchers also noted that most of the vendors (including AVG, F-Secure, McAfee and Symantec) have fixed the bugs, some of them quietly.

Turn on browser notifications to receive breaking news alerts from Engadget
You can disable notifications at any time in your settings menu.
Not now

This still leaves a few (currently unnamed) antivirus clients vulnerable, though. Rack911 also warned that taking advantage of the bugs was “trivial.” This could reduce the effectiveness of antivirus software and make malware that much more effective for attackers who know the bugs exist. You’ll want to update your security software, then, even if it’s just to reduce the potential damage should someone compromise your system.

All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn an affiliate commission. All prices are correct at the time of publishing.
View All Comments
Multiple antivirus apps are vulnerable to common security flaws