Free and safe? Avast antivirus has put you in danger for 10 years

avast bug

Antiviruses are those programs that focus on protecting our computers and stored data against all kinds of malicious code. However, its reliability is sometimes questioned due to errors such as the one we are going to talk about now in the popular Avast and AVG.

As a general rule, this type of software is endorsed by some important security firm that has been protecting our computers for a few years. Precisely for this reason, many users still choose to use the projects of these companies instead of Windows Defender. Perhaps the easiest thing would be to leave the antivirus that comes by default in the Microsoft operating system, Windows, running. But as we told you, many prefer other third-party solutions to protect their PCs.

A clear example of all this can be found in the avast antivirus . In fact, here we find one of the most popular security proposals. The same is true of the alternative AVG. These are two solutions security software which are trusted by a large number of users all over the world. We are talking precisely about these two titles for two security flaws discovered Recently.

We mean that two security vulnerabilities of high severity have been found in both programs. The most curious thing about all this is that these failures went unnoticed for years. It is worth mentioning that the vulnerabilities have been located in a legitimate driver that is part of the antivirus of Avast and AVG. Needless to say, these long-standing security issues are a serious inconvenience for responsible firms.

Two Avast antivirus vulnerabilities have lasted 10 years

To give you a better idea of ​​what we are talking about, say that these vulnerabilities allow attackers to increase their permissions. Thus, they can disable these security productsoverwrite system components, corrupt the system, or perform malicious operations no impediments. We know all this thanks to statements by the SentinelOne security researcherKasif Dekel.

These two vulnerabilities, labeled CVE-2022-26522 and CVE-2022-26523, are specifically found in a legitimate antirootkit kernel driver called aswArPot.sys. It is speculated that these were introduced in version 12.1 of the Avast antivirus that was released in January 2012. As it is easy to guess, these security flaws have accompanied antivirus for many years and versions of these.

Of course, we must bear in mind that after these security flaws were made public, Avast addressed them in version 22.1 of the antivirus. This was released last February where they claim to have fixed the BSoD rootkit driver. At the same time it is worth knowing that initially there is no evidence that these vulnerabilities have been exploited. But despite all this, they are still two major security flaws pinned in antivirus of more than enough reputation, and that they have been there for more than 10 years.