News

AVG toolbar enabled attack on Internet Explorer users

By admin
Spread the love

The toolbar of the AVG security software actually exposed Internet Explorer users to more risks. Toolbar users were vulnerable to an attack that deployed ActiveX objects.

The vulnerability could have allowed an attacker to execute code on a user’s system in practice, researchers at Carnegie Mellon University warn. To do this, however, a user would have to be tricked into opening a page that contains code that exploits the vulnerability. Ironically, the toolbar is precisely intended to prevent users from being attacked from websites.

The security issue was caused by multiple errors by the toolbar creators. In practice, any website could call an ActiveX object that came with the software. In addition, the object does not run in the Internet Explorer sandbox and users do not have to click before the object is activated, which causes code to run automatically.

The makers of AVG have included a limitation in an update to the toolbar, which comes with many free software, so that only AVG websites are allowed to use the functionality. Those who want to be completely free from the security problem can disable the affected ActiveX object.

You might also like
News

Rumor: Apple is working on its own applications based on a large language model

News

EU Council determines position on security requirements for digital products

News

Samsung develops first GDDR7 chips, mentions bandwidths of up to 32Gbit/s per pin

News

Meta introduces open source language model Llama 2, works on PCs and phones

News

Logitech acquires stream controller maker Loupedeck

News

Anticheat FaceIT gets Linux version, enables Steam Deck support