enSilo a security researchers have discovered that AVG, McAfee, and Kaspersky have a common security bug.
This year in March, the security researchers at enSilo found a security flaw in antivirus engine AVG Internet Security 2015. The security bug creates a memory space with full RWX (read-write-execute) privileges in the predictable address space that a hacker could easily force their malicious code to execute inside that memory address and have the same privileges as the antivirus process (which is system-level).
enSilo informed the AVG employees about the security flaw, and they fixed the issue within two days.
With the seriousness of the bug enSilo decided to tests the other commonly used antivirus software’s. They found the same bug in Intel Security’s McAfee Virusscan Enterprise version 8.8 and Kaspersky Total Security 2015 – 15.x.
enSilo notified each company about the security bug.
“Intel Security takes the integrity of our products very seriously. Upon learning of this particular issue, we quickly evaluated the researchers’ claims and took action to develop and distribute a solution addressing it,” an Intel Security representative told Softpedia.
Keeping the possible widespread nature of the problem in mind, enSilo has created a free checking utility called AVulnerabilityChecker, and advised every user to check that they have all the latest updates.
“We’ll continue updating this list as we receive more information,” said Tomer Bitton, VP of research at enSilo, in a blog post.
“Given that this is a repetitive coding issue amongst Anti-Virus – an intrusive product, we believe that this vulnerability is also likely to appear in other intrusive products, non-security related, such as application-performing products.”