Fortinet Discovers Avast Security Product Security Bypass Vulnerability
Fortinet's FortiGuard Labs has discovered Security Bypass vulnerability in Avast.
It has been discovered that Avast self-defense driver can be bypassed by user-mode program. It would allow adversary to disable critical product functionalities. The flaw resides in Avast's self-defense driver aswSp.sys which allows adversary to modify Avast protected registry key. By exploiting the vulnerability, attackers could have the product become completely nonfunctional or partially malfunction by disabling the product update.
Users should apply the solution provided by Avast.
Following products and versions are affected.
AVAST Free Antivirus 12.2.2276 and below
This vulnerability was discovered by Wayne Low of Fortinet's FortiGuard Labs.