Ormandy created a Web-based proof of concept exploit that can list the contents of the computer’s C: drive, but an attacker could easily extend it to have any potentially interesting files sent back to him. “He can even take control of authenticated sessions and read email, interact with online banking, etc.” Google Project Zero researcher Tavis Ormandy found a vulnerability that could allow an attacker to take control of Avastium when opening an attacker-controlled URL in any other locally installed browser.īy exploiting the flaw, an attacker could remotely read “files, cookies, passwords, everything,” Ormandy said in a report that he sent to Avast in December and which he made public Wednesday. The latest example is the Avast SafeZone browser, internally known as Avastium, which is installed with the paid versions of Avast’s antivirus and security suites. Yet, at least two of them were recently found to have serious flaws that don’t exist in Chromium. Several antivirus vendors have taken the open-source Chromium browser and created derivatives that they claim are more privacy-friendly and secure.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |