An intruder does not need administrator privileges to exploit an antivirus program on a Windows operating system.
An antivirus program runs with high privileges so that it can scan all the files and directories on a device, find unknown and malicious files, and move them to an isolated environment.
Exploiting this vulnerability is relatively simple, especially for an experienced hacker. To succeed, however, the attack must be carried out at the right time. If the intruder manages to find the exact moment to carry out the attack, he can gain access to the system.
Security researchers took advantage of the vulnerability in McAfee Endpoint Security for Windows and managed to delete the file EpSecApiLib.dll, as shown in the video below.
Exploitation on macOS & Linux
The researchers also tried to exploit the vulnerability in Norton Internet Security for macOS. They downloaded the EICAR test string from Pastebin to bypass the real-time protection, which prevents the test string from being downloaded from Norton's official website.
While the test string was being downloaded from Pastebin, the antivirus immediately flagged the process as malware and tried to stop it.
The researchers were also able to exploit antivirus programs on Linux and delete important files.
All affected antivirus vendors have been informed, and almost all have already fixed this error in their products.
Users are advised to immediately install the latest update for the antivirus program they use.