![]() ![]() Several antivirus and security vendors have come under scrutiny in the last few weeks for flaws in their software. This week he went public with flaws in Comodo’s browser, which is also based on Chromium while before that he published research into Malwarebytes that showed it was susceptible to man in the middle attacks. Ormandy has been busy of late discovering holes and bugs in security software. “He can even take control of authenticated sessions and read email, interact with online banking, etc.”Īvast published a patch for the vulnerability this week after Ormandy gave a 90-day period before going public. “Putting this all together, if an Avast user using *any* Web browser visits an attacker controlled URL, he can launch Avastium and take complete control of it reading files, cookies, passwords, everything,” said Ormandy. He also discovered that Avast’s browser had removed a “critical security check” from Chromium that would help in preventing these kinds of attacks. Ormandy created a proof of concept attack that could exploit someone’s C:/ drive and access files. He made his notification public this week.Īccording to Ormandy, a user can fall prey to someone accessing their browser if they click on a malicious website set up by the attacker. Last December, Google Project Zero security researcher Tavis Ormandy notified the company of flaws he found in the browser that could allow an attacker to access stored passwords and local files. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |