Serious flaw found in the Avast Desktop Antivirus Windows application
In a Medium blog post, a security researcher published a detailed report on a serious XSS vulnerability in the Avast Desktop Antivirus application that he discovered earlier this year. As the researcher explains, an attacker could easily trigger the vulnerability through a WiFi SSID.
XSS is one of the most common vulnerabilities in applications, especially web applications. To exploit an XSS vulnerability, an attacker injects a malicious script that is then executed on the client. These attacks are often used to bypass access controls and impersonate users.
Back to the vulnerability found in the Avast Desktop Antivirus application for Windows: an attacker can embed a malicious payload in an SSID. If a Windows device running the Avast antivirus program then connects to that WiFi network, the XSS payload is executed.
[Picture 1: the flaw in the Avast Desktop Antivirus Windows application]
Exploitation of this XSS vulnerability relies on a built-in feature of the Avast Desktop Antivirus application for Windows itself. By default, the app displays a notification whenever the device connects to a WiFi network, and it inserts the network name into that notification without any sanitization. An attacker can therefore place a malicious payload in the SSID name and have the code executed when the notification is rendered.
Once the script runs, it can display a message containing a fake login prompt created by the attacker. Because users cannot see the fake URL, many will enter their login information without realizing they have been tricked.
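The root cause described above is an SSID inserted verbatim into an HTML notification. The following added example (not Avast's code; the SSIDs and the notification template are constructed) shows the unsafe pattern beside a hardened one that escapes and length-clamps the SSID, plus a simple check a test suite can use to catch foreign markup in rendered output:

```javascript
// Constructed sample SSIDs: one benign, one carrying markup that a
// string-templated notification would execute. (Example data, not from the report.)
const SAMPLE_SSIDS = {
  benign: "CoffeeShop-Guest",
  hostile: '<img src=x onerror="alert(1)">',
};

// Vulnerable pattern: the untrusted network name is dropped straight into HTML,
// so any tags inside the SSID become part of the notification's DOM.
function buildNotificationUnsafe(ssid) {
  return `<p>You are connected to <b>${ssid}</b></p>`;
}

// Escape the five characters HTML treats specially so the SSID is shown as text.
function escapeHtml(str) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return str.replace(/[&<>"']/g, (c) => map[c]);
}

// Hardened pattern: clamp to 32 characters (802.11 caps SSIDs at 32 bytes; a
// byte-exact clamp would use TextEncoder) and escape before templating.
function buildNotificationSafe(ssid) {
  const clamped = Array.from(String(ssid)).slice(0, 32).join("");
  return `<p>You are connected to <b>${escapeHtml(clamped)}</b></p>`;
}

// Regression check: does the rendered body contain any tag other than the ones
// the template itself emits? Escaped "&lt;" never matches, so safe output passes.
function containsForeignMarkup(html, allowed = ["p", "b"]) {
  const tags = [...html.matchAll(/<\/?([a-zA-Z][\w-]*)/g)].map((m) => m[1].toLowerCase());
  return tags.some((t) => !allowed.includes(t));
}
```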
The whole process of exploiting the vulnerability is described in the video below:
After the flaw was reported, Avast experts promptly assessed it, confirmed that it was a serious flaw, offered a $5000 reward to the researcher who reported it, and released a patch.
The vulnerability affects not only Avast but also AVG, and is tracked as CVE-2019-18653 for Avast and CVE-2019-18654 for AVG.