Security research firm Rack911 Labs revealed in a report that 28 popular antivirus solutions have or had bugs that let attackers delete important files used by the antivirus or OS (via ZDNet).
Best & Worst Laptop Brands 2019Dell, HP security flaws leave laptops open to dangerous attacksGoogle Chrome issues critical security warning for 2 billion users: Here’s the fix
The image below, taken from Rack911 Labs’ report, shows a list of affected software programs for each major platform Among the vulnerable programs are McAfee Endpoint Security, Malwarebytes and Microsoft Defender, which is built into Windows 10. The problems stem from what is called a “symlink race,” or when a symbolic malicious link (or symlink) is linked with a legitimate one. When the higher-privileged program creates a new file with the same name as the symlink, it writes to the target program pointed to by the malicious link. Antivirus software is an especially good target for these attacks because there’s a gap from when files are scanned and determined to be malicious until the antivirus takes steps to remove any threats. The approach works across different security programs and platforms, and Rack911 Labs says the 28 vulnerable antivirus solutions were found on Macs as well as Windows 10 and Linux PCs. “It’s a very real and old problem with operating systems that allow concurrent processes,” Dr. Vesselin Bontchev, a member of the National Laboratory of Computer Virology at the Bulgarian Academy of Sciences, told ZDNet. “Many programs have been found to suffer from it in the past.”
Antivirus vulnerabilities: What’s the risk?
Security flaws in the programs tasked to keep your systems safe are certainly a cause for concern, and, unfortunately, the attacks discovered by Rack911 Labs are easy to execute. According to the security researchers, “exploiting these flaws were pretty trivial and seasoned malware authors will have no problem weaponizing the tactics.” Rack911 Labs went on to explain how easy it was to delete important files on a Windows, macOS or Linux system using the symlink technique. Doing so could cripple the antivirus software and even delete important OS files. There is some good news that might keep you from uninstalling whatever solution you use to keep your PC secure: The majority of antivirus vendors deemed to be vulnerable to the attack have fixed their flaws, according to Rack911 Labs. There are a few (unnamed) exceptions, but the best you can do right now is update whichever app you use to the latest version.
