A vulnerability addressed by F-Secure in some of its business products could have been exploited to bypass their scanning engine using malformed archives.
The patched issue is actually over a decade old — it was initially detailed in 2009 by security researcher Thierry Zoller — and resides in an anti-virus application’s inability to scan a compressed archive that a user can access.
There are multiple archive formats (ISO, ZIP, Bz2, RAR, GZIP, and others) that an attacker could use to avoid detection by affected cybersecurity products.
According to Zoller, email gateways and antivirus infrastructure are impacted the most, given that they cannot decompress the malformed archive to inspect its content. Users could still detect any malicious code upon extraction, but that still means some security services could be rendered useless, the researcher argues.
Despite being alerted to the existence of this bug ten years ago, many anti-virus companies did nothing to address it in their products, Zoller says.
Following the emergence of the first live attacks to exploit the vulnerability at scale for malware distribution, Zoller decided last year to check how various security products out there have been patched following his 2009 research.
What he discovered in November was that many remained vulnerable, so he decided to report the security flaw once again to the impacted vendors.
Last month, the researcher revealed that some vendors had already acted upon his reports and released patched for their products, including ESET, Kaspersky, Bitdefender, and Avira. Avira initially dismissed the report, saying the bypass does not represent a vulnerability.
Over the past week, Zoller published advisories detail ..
Support the originator by clicking the read the rest link below.
