Researchers at SentinelLabs have discovered two high-severity vulnerabilities in the Anti Rootkit driver of Avast and AVG antivirus. These vulnerabilities are tracked as CVE-2022-26522 and CVE-2022-26523. It could affect millions of users who use these antivirus softwares.
“These vulnerabilities allow attackers to escalate privileges enabling them to disable security products, overwrite system components, corrupt the operating system, or perform malicious operations unimpeded,” SentinelOne researcher Kasif Dekel said in a report.
Antivirus software runs with high privilege levels. So these vulnerabilities could allow an attacker to potentially disable security solutions and perform other malicious actions on the system.
The vulnerabilities have existed since 2012 and reside in Avast’s anti-rootkit kernel driver named aswArPot.sys. The driver was introduced in Avast version 12.1 which was released back in 2012. This driver is also used by AVG because Avast acquired AVG in 2016 for $1.3 Billion.
There is no evidence that these vulnerabilities have been used to target users. If you are using Avast or AVG antivirus, you do not need to worry. Since the vulnerabilities have already been fixed, you should have received the update.
SentinelLabs reported vulnerabilities to Avast in December 2021. In February, Avast confirmed that it has fixed vulnerabilities.
