Symlink security bug detected in 28 antivirus apps

What’s worrisome is that this bug affects a wide range of antivirus software including those for Windows, MacOS and even Linux.

Antivirus apps are one of our first lines of defence against viruses, malicious codes and other threats. But what if there was a way that protective layer could be disabled or neutralised? Apparently, security researchers have detected a bug that renders this protective wall useless.

According to Rack911 Labs (via ZDNet), 28 popular antivirus apps including Avast, AVG, Kaspersky, Bit Defender and Norton have a bug that could allow hackers turn these softwares into self-destruct tools.

Before we get into the details, let’s first understand how an antivirus software works. As the security blog explains, when an unknown file is saved to the hard drive of a device, the antivirus performs a real time scan.If the newly downloaded file is determined to be a threat, the software will automatically quarantine the file and move it to a secure location, where it await the user’s instructions.

These files are often placed next to the legitimate files, which often run in a privileged state. Simply said, they have the highest level of authority within the operating system. “Therein lies a fundamental flaw as the file operations are (almost) always performed at the highest level which opens the door to a wide range of security vulnerabilities and various race conditions,” Rack911 Labs wrote in a blog post.

The Symlink Race vulnerability bug uses these privileges to delete legitimate and important files pertaining to the antivirus software and “render it ineffective and even delete key operating system files that would cause significant corruption requiring a full reinstall of the OS.”

“Make no mistake about it, exploiting these flaws were pretty trivial and seasoned malware authors will have no problem weaponizing the tactics outlined in this blog post,” the blog said.

What’s worrisome is that this bug affects a wide range of antivirus software including those for Windows, MacOS and even Linux.

Now, some good news. The security researchers say that most of the affected antivirus softwares have fixed this bug with the exception of a few. The researchers, however, didn’t reveal the names of the researchers who haven’t updated their apps yet, which means that there is nothing more for you to do here except to update your antivirus software and hope that the company has fixed this flaw.