Google investigation exposes critical flaw in ESET virus scanners


A Google security researcher has discovered a critical vulnerability in antivirus software from ESET. Attackers can exploit the bug in the so-called remote mini-filter to gain full access to a system undetected.

The mini-filter in various ESET software packages, including antivirus and security packages, is intended to intercept and analyze the data traffic to and from a hard disk or SSD. If the data is executable code, it is emulated so that the ESET software can check whether it is dangerous. However, according to Google researcher Tavis Ormandy, the mini-filter is not robust enough, allowing an attacker to launch malicious code by generating I/O traffic on a system. Because this is hardly noticeable and requires no user interaction, a system can be attacked and taken over silently and remotely.

On Windows systems, according to Ormandy, attackers can gain administrative privileges by accessing the ekrn.exe process. On OS X and Linux systems, they can inherit the privileges of the esets daemon, which runs as root.

Ormandy claims that he discovered the vulnerability in the ESET security software and was able to exploit it with only a few days of work. He has also published an exploit. ESET, which is based in Slovakia, released updates to the affected software on June 22 to address the issue.

Update, Thursday, 07.23: ESET reports that it fixed the vulnerability three days after it was reported.
