contador web Skip to content

There are about 30 antivirus programs exposed to vulnerabilities that can lead to PC crashes

Antivirus programs are designed to prevent, identify and eliminate possible "attacks", but not all of them can be fully effective. Investigators at the American cybersecurity company RACK911 Labs have identified vulnerabilities in 28 of the "most popular antivirus products today", including Microsoft Defender, McAfee Endpoint Security and Malwarebytes.

According to the news advanced by ZDNet, experts have detected vulnerabilities that allow hackers to eliminate files used by the antivirus or the operating system (OS). As a consequence, this attack can lead to computer failure or even inoperability.

Antivirus programs with the vulnerability Source: RACK911 Labs

In an interview with the website, Vesselin Bontchev, a member of the National Virus Laboratory in Computers at the Bulgarian Academy of Sciences, explains that this vulnerability is known as the "symlink race". In practice, it occurs when a malicious file is linked to a legitimate one and ends up executing malware on the original file. According to Vesselin Bontchev "a very real and old problem with operating systems that allow simultaneous processes". "Many programs have suffered from this in the past," he explained.

In the report, the specialists guarantee to have identified 28 products with this vulnerability, in Windows, MacOS and Linux.

Operating systems affected by the vulnerability Source: RACK911 Labs

According to the team, antivirus programs are particularly vulnerable to this type of attacks, due to the way they work. Why? There is a time interval, from when the files are placed and considered malicious, until the antivirus intervenes to remove the threat.

Cited by ZDNet, researchers say most companies have corrected this flaw, "with a few unfortunate exceptions". Still, the RACK911 Labs team did not disclose the names of the companies that did not.

Just last week, ZDNet reported an attack on the Portuguese store Aptoide, whose data of 20 million users were shared in a "well-known hacker forum", exposing information such as addresses or birth dates. However, the company has already come to try to ensure that it is "working to solve the problem" and announced on April 21 the launch of a new authentication system for its Android application store.