I know that everybody is tired of me talking about #Avast but this time it's a beefy RCE vulnerability. Avast Secure Browser could be trivially taken over by any website, allowing even execution of arbitrary OS commands. #infosec #appsec
That's the actual research I was conducting when I hit their privacy issues. It's a bit weird that I kept talking about their data collection practices while the initial security research had to stay secret until the deadline.
Big thanks to @email@example.com for the important hint here!
@WPalant AVG went already down, now also Avast???
What's up with Windows Antivirus makers? I guess that Windows Defender ate their chunk of the market, right?
@Genstar I don't think that this is due to Windows Defender. They rather never had strong incentives to invest in security. Some did nevertheless, most never really cared. And since security researchers rarely look at the "web protection" components of antivirus applications, these are often problematic to say the least.
A Mastodon instance for info/cyber security-minded people.