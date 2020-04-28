Comment: Symlink Race Bugs Discovered In 28 Antivirus Products

It has been reported that security researchers have found “symlink race” vulnerabilities in 28 of today’s most popular antivirus products. The researchers said in a report that the bugs can be exploited by an attacker to delete files used by the antivirus or by the operating system, resulting in crashes or rendering the computer unusable. Given that almost all antivirus software runs with the highest privileges on the operating system, it will continue to be a high-value target for cybercriminals.

EXPERTS COMMENTS
Satnam Narang, Senior Research Engineer,  Tenable
April 28, 2020
To successfully exploit these flaws, timing is of the essence as the flaws rely on a race condition.
To weaponise the “symlink race” flaws found in 28 popular antivirus products, attackers would first need to establish a local presence on the victim’s system or include the malicious code as part of malware to create a directory junction (Windows) or symlink (macOS/Linux). This code could be used to remove important system files including those associated with the operating system or antivir ....
In this article