Avast Antivirus Vulnerability Let Attackers Escalate Privileges

Security researchers have disclosed a critical vulnerability in Avast Free Antivirus that could allow attackers to gain elevated system privileges and execute malicious code with kernel-level access. The vulnerability affects multiple versions of Avast Free Antivirus, with the Cybersecurity Help database listing affected versions from 20.1.2397 through 2016.11.1.2262. Users running these versions should update their software as soon as possible to mitigate the risk. Avast Free Antivirus is one of the most popular antivirus solutions globally, with hundreds of millions of installations, making this vulnerability particularly concerning for home users relying on the free software for their security needs. “This vulnerability allows local attackers to escalate privileges on affected installations of Avast Free Antivirus,” stated the ZDI advisory. The security flaw exists within the Avast Free Antivirus’s aswbidsdriver kernel driver and stems from improper validation of user-supplied data. Over the past few years, vulnerabilities in various Avast software components, including issues with Avast Cleanup Premium and Avast Premium Security, have been documented. Security experts recommend that users enable automatic updates for their antivirus software to ensure they receive critical security patches promptly.

This Cyber News was published on cybersecuritynews.com. Publication date: Wed, 30 Apr 2025 06:45:10 +0000


Cyber News related to Avast Antivirus Vulnerability Let Attackers Escalate Privileges

Avast Antivirus Vulnerability Let Attackers Escalate Privileges - Security researchers have disclosed a critical vulnerability in Avast Free Antivirus that could allow attackers to gain elevated system privileges and execute malicious code with kernel-level access. The vulnerability affects multiple versions of ...
1 month ago Cybersecuritynews.com
Avast settles claims of customer data peddling for $17M The Register - Avast has agreed to cough up $16.5 million after the FTC accused the antivirus vendor of selling customer information to third parties. The US regulator filed [PDF] a lengthy complaint against Avast regarding its use and alleged misuse of customer ...
1 year ago Go.theregister.com
CVE-2012-1443 - The RAR file parser in ClamAV 0.96.4, Rising Antivirus 22.83.00.03, Quick Heal (aka Cat QuickHeal) 11.00, G Data AntiVirus 21, AVEngine 20101.3.0.103 in Symantec Endpoint Protection 11, Command Antivirus 5.2.11.5, Ikarus Virus Utilities T3 Command ...
12 years ago
CVE-2012-1459 - The TAR file parser in AhnLab V3 Internet Security 2011.01.18.00, Avira AntiVir 7.11.1.163, Antiy Labs AVL SDK 2.0.3.7, avast! Antivirus 4.8.1351.0 and 5.0.677.0, AVG Anti-Virus 10.0.0.1190, Bitdefender 7.2, Quick Heal (aka Cat QuickHeal) 11.00, ...
7 years ago
New decryptor for Babuk Tortilla ransomware variant released - Cisco Talos obtained executable code capable of decrypting files affected by the Babuk Tortilla ransomware variant, allowing Talos to extract and share the private decryption key used by the threat actor. Cisco Talos shared the key with our peers at ...
1 year ago Blog.talosintelligence.com
Avast confirms it tagged Google app as malware on Android phones - Czech cybersecurity company Avast confirmed that its antivirus SDK has been flagging a Google Android app as malware on Huawei, Vivo, and Honor smartphones since Saturday. On affected devices, users were warned to immediately uninstall the Google app ...
1 year ago Bleepingcomputer.com Rocke
Holiday Season Online Privacy Recipe - Make delicious sense of online cookies with Avast and get two signature holiday cookie recipes from chef Carla Hall. Aggressive advertisers can use them to track your every move online and sell your information. So now you know which cookies to ...
1 year ago Blog.avast.com
CVE-2012-1457 - The TAR file parser in Avira AntiVir 7.11.1.163, Antiy Labs AVL SDK 2.0.3.7, avast! Antivirus 4.8.1351.0 and 5.0.677.0, AVG Anti-Virus 10.0.0.1190, Bitdefender 7.2, Quick Heal (aka Cat QuickHeal) 11.00, ClamAV 0.96.4, Command Antivirus 5.2.11.5, ...
7 years ago
CVE-2009-1431 - XFR.EXE in the Intel File Transfer service in the console in Symantec Alert Management System 2 (AMS2), as used in Symantec System Center (SSS); Symantec AntiVirus Server; Symantec AntiVirus Central Quarantine Server; Symantec AntiVirus (SAV) ...
5 years ago
FTC Accuses Avast of Selling Customer Browsing Data to Advertisers - The US government's consumer protection agency is moving to ban anti-malware software vendor Avast from selling customer web browsing data to third-party advertising companies. The agency also plans to slap Avast with a $16.5 million fine and an ...
1 year ago Securityweek.com
Babuk ransomware decryptor updated with Tortilla support The Register - Security researchers have put out an updated decryptor for the Babuk ransomware family, providing a free solution for victims of the Tortilla variant. A collaboration between Cisco Talos, Avast, and the Netherlands police led to the development of ...
1 year ago Go.theregister.com DAIXIN
You don't need to pay for antivirus software - here's why | ZDNET - As for Windows? Well, Microsoft Defender Antivirus, which is included with every Windows PC, routinely aced the tests from third-party labs that measure the effectiveness of security software. Older Americans are significantly more likely to use ...
7 months ago Zdnet.com
CVE-2024-7233 - Avast Free Antivirus AvastSvc Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Avast Free Antivirus. An attacker must first obtain the ability to ...
6 months ago Tenable.com
CVE-2024-7232 - Avast Free Antivirus AvastSvc Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Avast Free Antivirus. An attacker must first obtain the ability to ...
6 months ago Tenable.com
CVE-2012-1456 - The TAR file parser in AVG Anti-Virus 10.0.0.1190, Quick Heal (aka Cat QuickHeal) 11.00, Comodo Antivirus 7424, Emsisoft Anti-Malware 5.1.0.1, eSafe 7.0.17.0, F-Prot Antivirus 4.6.2.117, Fortinet Antivirus 4.2.254.0, Ikarus Virus Utilities T3 Command ...
7 years ago
New Decryption Key Available for Babuk Tortilla Ransomware Victims - A new decryptor key has been created for victims of the Babuk Tortilla ransomware variant, Cisco Talos has confirmed. These keys will be added to a generic Babuk decryptor previously created by Avast Threat Labs. This will enable users to download ...
1 year ago Infosecurity-magazine.com Black Basta
Avast Threat Report shows humans are better targets that software - The latest Avast Threat Report identifies the most prominent targets for cybercrime-and it's us. While that has some slight relationship to the real world, Avast Threat Labs' latest findings show that online fraudsters aren't focusing as much on ...
1 year ago Blog.avast.com
CVE-2007-1673 - unzoo.c, as used in multiple products including AMaViS 2.4.1 and earlier, allows remote attackers to cause a denial of service (infinite loop) via a ZOO archive with a direntry structure that points to a previous file. ...
6 years ago
CVE-2012-1423 - The TAR file parser in Command Antivirus 5.2.11.5, Emsisoft Anti-Malware 5.1.0.1, F-Prot Antivirus 4.6.2.117, Fortinet Antivirus 4.2.254.0, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, K7 AntiVirus 9.77.3565, NOD32 Antivirus 5795, Norman ...
12 years ago
CVE-2012-1420 - The TAR file parser in Quick Heal (aka Cat QuickHeal) 11.00, Command Antivirus 5.2.11.5, F-Prot Antivirus 4.6.2.117, Fortinet Antivirus 4.2.254.0, K7 AntiVirus 9.77.3565, Kaspersky Anti-Virus 7.0.0.125, Antimalware Engine 1.1.6402.0 in Microsoft ...
12 years ago
CVE-2012-1461 - The Gzip file parser in AVG Anti-Virus 10.0.0.1190, Bitdefender 7.2, Command Antivirus 5.2.11.5, Emsisoft Anti-Malware 5.1.0.1, F-Secure Anti-Virus 9.0.16160.0, Fortinet Antivirus 4.2.254.0, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, ...
12 years ago
CVE-2024-7228 - Avast Free Antivirus Link Following Denial-of-Service Vulnerability. This vulnerability allows local attackers to create a denial-of-service condition on affected installations of Avast Free Antivirus. An attacker must first obtain the ability to ...
6 months ago Tenable.com
CVE-2024-7229 - Avast Cleanup Premium Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Avast Cleanup Premium. An attacker must first obtain the ability to execute ...
6 months ago Tenable.com
CVE-2024-7231 - Avast Cleanup Premium Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Avast Cleanup Premium. An attacker must first obtain the ability to execute ...
6 months ago Tenable.com
CVE-2024-7230 - Avast Cleanup Premium Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Avast Cleanup Premium. An attacker must first obtain the ability to execute ...
6 months ago Tenable.com