Update your AntiVirus software and you won't have to worry

Subject: General Tech | December 10, 2015 - 01:37 PM |
Tagged: security, avg, Kaspersky, mcafee

To reverse the usual order, the good news is that AVG fixed the issue a while ago, as have Intel, owner of McAfee, as well as Kaspersky.  The bad news is that this exploit is rather nasty and was completely avoidable with a bit of forethought.  Of all the programs to follow a predictable pattern, AV software is the last one you would want to see do so.  There is a tool over at github to allow you to check your own vulnerability.  Personal machines should be good to go but as The Register mentions, at least one Enterprise level AV program is vulnerable and those definitions are often updated along a different path that consumer level products. 

Chances are you are safe, but you should probably double check.

View Full Size

"In March, researchers at security firm enSilo found a serious flaw in popular free antivirus engine AVG Internet Security 2015. They found that the software was allocating memory for read, write, and execute (RWX) permissions in a predictable address that an attacker could use to inject code into a target system."

Here is some more Tech News from around the web:

Tech Talk

 

Source: The Register

Video News


December 10, 2015 | 02:27 PM - Posted by TekWarfare (not verified)

How do people find this stuff out? Damn you, crazy intelligent programmers.

December 11, 2015 | 01:17 PM - Posted by Anonymous (not verified)

This is a poorly written article.

December 11, 2015 | 02:09 PM - Posted by Jeremy Hellstrom

and this is a poorly written criticism

December 13, 2015 | 10:39 PM - Posted by Anonymous (not verified)

In that other Anonymous' defense that was awkward to read.

I had no idea what vulnerability was being talked about and yet you were saying it was fixed.

either way, all is well and a vulnerability being fixed is a good thing in my book.

December 14, 2015 | 12:26 PM - Posted by Jeremy Hellstrom

Didn't feel the need to repeat the info in the quote "They found that the software was allocating memory for read, write, and execute (RWX) permissions in a predictable address that an attacker could use to inject code into a target system."

I'll think about better ways to point that sort of thing out.

Post new comment

The content of this field is kept private and will not be shown publicly.
  • Lines and paragraphs break automatically.
  • Allowed HTML tags: <a> <em> <strong> <cite> <code> <ul> <ol> <li> <dl> <dt> <dd> <blockquote><p><br>
  • Web page addresses and e-mail addresses turn into links automatically.

More information about formatting options

CAPTCHA
This question is for testing whether you are a human visitor and to prevent automated spam submissions.