Friday, January 15, 18:19
Home security Bitdefender Antivirus Free 2020: Vulnerability Gives Hacker High Privileges

Bitdefender Antivirus Free 2020: Vulnerability Gives Hacker High Privileges

A vulnerability has been detected in Bitdefender Antivirus Free 2020 that allows one hacker load unsigned code that could lead to privileges.

According to Safebreach, the main issue with this product is that the code integrity protection mechanism does not start up allowing an attacker to load unsigned code. The risk here is particularly high, because the software acts as NT AUTHORITY \ SYSTEM, the most privileged user account making it access this is very important for an unauthorized person.

Bitdefender

"The vulnerability gives to hackers the ability to load and execute malicious payloads using a service. This capability can be circumvented by an attacker, for example to obtain an Application Whitelisting Bypass for purposes such as execution and tax evasion, "Safebreach says.

The main causes behind the vulnerability are the lack of secure loading DLL due to the existence of an uncontrolled search path and no digital certificate validation against the binary.

Safebreach reported the issue to Bitdefender on 17 July. The company responded immediately and was able to confirm the issue by August 14. Five days later, BitDefender published one Advisory and confirmed the CVE-2019-15295.

Bitdefender told SC Media that the issue was raised by Safebreach through the company's bug bounty program.

"We were informed of the issue and posted our advice on our website. The issue has been fixed and we automatically updated our customer base before the releases. We started our bug bounty program two years ago to increase it safety and the reliability of the code base and to offer the best security to our customers ", said Bogdan" Bob "Botezatu, Director of Research and Threat Reporting of Bitdefender.

LEAVE ANSWER

Please enter your comment!
Please enter your name here

LIVE NEWS

Canon lets you take pictures from space

Instead of releasing new cameras for CES 2021, Canon is doing something different: It lets you take pictures from space ....

Wikipedia vs Big tech: Who fights misinformation?

As Election Day turned into US Election Week, Facebook, Twitter and YouTube were trying to prevent ...
00:02:36

Tesla: It is called to recall cars due to problematic screens

The touch screen in some Tesla cars seems to have a problem, which could ...

Ransomware is responsible for half of all data breaches in hospitals

Almost half of the data breaches committed in hospitals and the wider healthcare sector are due to ransomware attacks, ...

Astronomers have just found the oldest oversized black hole

A quasar was discovered in a dark corner of space - over 13,03 billion light-years away - and contains a ...

What are the best and most affordable 5G phones for 2021

The market will soon be flooded with mid-range 5G devices. Everything that happens will be really exciting: you will be able to ...

Verified Twitter accounts in a cryptocurrency scam with the name of Elon Musk violated!

Lately, hackers have been violating verified Twitter accounts in a cryptocurrency giveaway scam, in which the name of the CEO is used ...

Classiscam: Fraudsters "fake" brands and deceive users of European markets!

Dozens of criminal gangs publish fake ads in popular online markets, to attract unsuspecting users to "fraudulent" commercial sites or phishing ...

iOS 14.4: Displays a notification for repairs with non-genuine cameras

Starting with the iPhone 11, Apple has added a notification to iOS that tells the user when the device has a ...

Facebook: Sues Chrome extensions developers for data theft

Facebook has filed a lawsuit against two Portuguese nationals for developing Chrome extensions that collected data from Facebook users.