Subject: General Tech | December 10, 2015 - 01:37 PM | Jeremy Hellstrom
Tagged: security, avg, Kaspersky, mcafee
To reverse the usual order, the good news is that AVG fixed the issue a while ago, as have Intel, owner of McAfee, as well as Kaspersky. The bad news is that this exploit is rather nasty and was completely avoidable with a bit of forethought. Of all the programs to follow a predictable pattern, AV software is the last one you would want to see do so. There is a tool over at github to allow you to check your own vulnerability. Personal machines should be good to go but as The Register mentions, at least one Enterprise level AV program is vulnerable and those definitions are often updated along a different path that consumer level products.
Chances are you are safe, but you should probably double check.
"In March, researchers at security firm enSilo found a serious flaw in popular free antivirus engine AVG Internet Security 2015. They found that the software was allocating memory for read, write, and execute (RWX) permissions in a predictable address that an attacker could use to inject code into a target system."
Here is some more Tech News from around the web:
- Motorola’s X Force awakens a seemingly ‘shatterproof’ future @ The Register
- Graphene Super Caps: Coming Soon? @ Hack a Day
- AMD contributes to over 30% of ASMedia Technology 3Q15 revenues @ DigiTimes
- Old school Fibre Channel gets new lesson in NVMe treatment @ The Register
- Google says its quantum computer is 100 million times faster than PC @ The Register
- Wordpress hosting service WP Engine has been hacked @ The Inquirer
- Fixing Mistakes in Git @ Linux.com
- Microsoft leaks Xboxlive SSL server cert @ The Register
- SoftMaker brings its Office 2016 suite to Linux @ The Inquirer
- Emoji - A New Universal Language @ Hardware Secrets