0 기록
We found results matching "0" in 0 ms

Avast AntiTrack certificate errors make it possible for others to spy on your online activities

Apr. 2, 2020

A vulnerability impacting Avast and AVG AntiTrack privacy software opened up user PCs to Man-in-The-Middle attacks, browser session hijack, and data theft. 

 

Disclosed by David Eade on March 9, the security researcher said the security flaw, tracked as CVE-2020-8987, is a certification validation issue that affects Avast AntiTrack before 1.5.1.172 and AVG AntiTrack before 2.0.0.178. 

 

Attackers do not need local access to trigger the vulnerability, and no special software configuration needs to be in place. 

 

Avast's AntiTrack software is designed to block advertising trackers and to prevent "invasive" monitoring of your online habits. However, a set of three security failures undermined these goals. 

 

The first issue has been caused by a failure to check the validity of certificates presented to end servers. In these cases, self-signed, malicious certificates may be missed, permitting attackers to launch MiTM attacks. 

 

The second security problem outlined by the researcher is how Avast AntiTrack downgrades browser security protocols to TLS 1.0. Even if a web server supports TLS 1.2, the software will ignore these settings and make connections to TLS 1.0 websites -- and when it comes to browsers that have been configured to only reach websites supporting the higher standard, Avast's software should not ignore such direction.

 

The third problem is a failure for AntiTrack to honor browser cipher suites or Forward Secrecy, a means to ensure session keys are not compromised.

 

Eade disclosed the security problems to Avast on August 7, 2019. After several months, the vulnerabilities were dealt with internally, but it was not until 9 March 2020 that a public patch had been deployed for both Avast and AVG AntiTrack, both of which share a similar core code.

 

Avast thanked the researcher for his findings, saying that the vulnerability has now been patched in Avast AntiTrack version 1.5.1.172 and AVG AntiTrack version 2.0.0.178. The update has now been pushed out to users.

 

Bzfuture shares software news and advice on big data software and platforms. Don't forget to keep an eye on our weekly newsletter for more information.Get all the software products you need from the bzfuture online retail store. Connect with our customer service online.

닫음 Bzfuture 로그인을 환영합니다.

아직 가입하지 않았습니까?   Sign Up Now

제3자 계정으로 로그인 하기:

Open the bzfuture APP

Scan The code to login

닫음Bzfuture 가입을 환영합니다.

  • 이메일 주소*

    Please enter a valid Email.

  • Mobile Phone*

    Please enter a valid mobile phone.

  • Verification Code*

    Get Verification Code

    The code will be invalid in 5 minutes

  • 비밀번호*

    5 to 16 letters, numbers, and special characters.

  • 비밀번호 확인*

  • * 이름*

  • ~ 내용을 읽고 이에 동의합니다. 
    Bzfuture 행사, 콘테스트 및 뉴스 레터 구독

Bzfuture계정이 있습니까?   지금 로그인하기

제3자 계정으로 로그인 하기

닫음비밀번호를 잊어버렸습니다.

닫음

Prompt T698563:

The programe has been successfully submitted to the system

닫음

Prompt T698563:

The programe has been successfully submitted to the system

닫음

Prompt T698563:

The programe has been This is a warning ?

닫음Successful Registration

Click here to set up your User Center

Close보안 확인