Google security researchers have uncovered a potential design flaw in Avast’s antivirus software that could have been used to remotely hack a PC.
On Monday, Google researcher Tavis Ormandy publicized the problem, which deals with Avast’s antivirus engine “AvastSvc.exe.” The program is built to analyze your computer’s untrusted data in local files and network traffic for suspected malware. However, Ormandy noticed it may have been possible to trick AvastSvc.exe into running malicious code. That’s because the same program has the highest system privileges, and will also run without any isolation from the rest of the operating system.
“Despite being highly privileged and processing untrusted input by design, it is unsandboxed and has poor mitigation coverage. Any vulnerabilities in this process are critical,” Ormandy wrote in his post about the design flaw.
“If you find a vulnerability, it is likely critical and wormable,” Ormandy added in his post.
It isn’t the first time Ormandy has warned about such threats. In 2017, he and Google security researcher Natalie Silvanovich found a similar vulnerability in Microsoft’s Windows Defender; if the software scanned a specially crafted file, Windows Defender could automatically be triggered into running malicious computer code. “This is crazy bad,” Ormandy tweeted at the time. Fortunately, Microsoft was quick to roll out a patch.