SentinelOne identifies 10-year-old vulnerabilities in Avast and AVG antiviruses
May 2022 by SentinelOne
First identified by SentinelLabs (the threat intelligence division of SentinelOne), the vulnerabilities remained undiscovered for a decade, and risked compromising the security of users.
• The vulnerabilities allowed attackers to escalate privileges.
• As a result, security products could be disabled, system components could be overwritten, operating systems could be corrupted, or attackers could perform other malicious activities unimpeded.
• The vulnerabilities were first reported to Avast in December 2021, and they have since issued discreet security updates to rectify the issue
• SentinelLabs tracked the vulnerabilities as CVE-2022-26522 and CVE-2022-26523.
• No in-the-wild abuse cases were noted by SentinelLabs as of late.