F-Secure Fixes Serious Vulnerability in Antivirus Products


F-Secure Corporation (formerly Data Fellows) is a Finnish cyber security and privacy company based in Helsinki, Finland. The company has 20 country offices and a presence in more than 100 countries, with Security Lab operations in Helsinki, Finland and in Kuala Lumpur, Malaysia. The company develops and sells antivirus, password management, endpoint security, and other cyber security products and services.

F-Secure has fixed a severe vulnerability in its home and enterprise antivirus products that could have allowed an attacker to execute malicious code on the user’s machine and take over affected PCs.

The vulnerability is not in F-Secure’s own code but in the 7-Zip file archiving software, which F-Secure uses to decompress archives, scan them for threats, and repackage the original file.

 


Vulnerability really resides in 7-Zip

A security researcher going by the pseudonym “landave” discovered this particular vulnerability (CVE-2018-10115) in March and worked with the 7-Zip team to fix the problem.

This was landave’s third vulnerability affecting 7-Zip; he had previously discovered CVE-2017-17969 and CVE-2018-5996. Similarly, the researcher found two 7-Zip-related bugs affecting the Bitdefender antivirus last year, in 2017.

 


Vulnerability exploited via poisoned RAR file

According to a technical write-up explaining the 7-Zip vulnerability in more detail, the 7-Zip bug can be exploited by creating a malformed RAR archive that, when decompressed, triggers the execution of malicious code on a user’s computer.

Since F-Secure antivirus products automate some of these file decompression operations during their scanning procedure, exploiting this bug was as trivial as tricking a user into accessing a malicious URL that initiated a file download.

Landave says that F-Secure products will automatically scan every newly downloaded file that’s under 5MB in size, meaning that once the download of the malicious RAR file finishes, the malicious code inside the RAR exploits CVE-2018-10115 and runs malicious operations on the user’s computer.

 


Exploit chain bypasses ASLR

The researcher says that even if F-Secure implemented Address Space Layout Randomisation (ASLR), a security feature to prevent such exploits, he was able to find a bypass that would allow him to run the attack regardless.

F-Secure users don’t have to take any action to receive this update unless they’ve turned off the auto-update feature. A list of affected products is included in this F-Secure security advisory. Only F-Secure for Windows versions were affected, and not the company’s Mac and Linux products.

 
