![]() ![]() ![]() This allows an attacker to read cookies, email, interact with online banking and so on,” Ormandy said. Additionally, you can send arbitrary *authenticated* HTTP requests, and read the responses. You don't even have to know the name or path of the file, because you can also retrieve directory listings using this attack. “ allows an attacker to read any file on the filesystem by clicking a link. The Google expert pointed out that an attack could have worked even if the victim had never used Avastium. If an attacker could convince a victim to visit a malicious URL, they could launch Avastium and gain complete control of the application. ![]() By removing this security check, the Avast tool permitted attackers to gain additional privileges and conduct various actions on the system. Ormandy discovered in mid-December that unlike Chromium, which only allows WebSafe URLs on the command line, SafeZone allowed any URL without restriction. The tool is included in Avast’s Premier, Internet Security and Pro Antivirus products. SafeZone, also known as Avastium, is a Chromium fork designed to protect Avast users’ data when they shop or bank online. A vulnerability in Avast’s SafeZone tool allowed attackers to read any file on the system by getting the victim to click on a link, Google researcher Tavis Ormandy revealed on Thursday. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |