Security researchers have disclosed a critical vulnerability in Avast Free Antivirus that could allow attackers to gain elevated system privileges and execute malicious code with kernel-level access. The vulnerability affects multiple versions of Avast Free Antivirus, with the Cybersecurity Help database listing affected versions from 20.1.2397 through 2016.11.1.2262. Users running these versions should update their software as soon as possible to mitigate the risk.

Avast Free Antivirus is one of the most popular antivirus solutions globally, with hundreds of millions of installations, which makes this vulnerability particularly concerning for home users who rely on the free software for their security needs.

“This vulnerability allows local attackers to escalate privileges on affected installations of Avast Free Antivirus,” stated the ZDI advisory. The flaw exists within Avast Free Antivirus’s aswbidsdriver kernel driver and stems from improper validation of user-supplied data.

Over the past few years, vulnerabilities in various Avast software components, including issues with Avast Cleanup Premium and Avast Premium Security, have been documented. Security experts recommend that users enable automatic updates for their antivirus software to ensure they receive critical security patches promptly.
This Cyber News was published on cybersecuritynews.com. Publication date: Wed, 30 Apr 2025 06:45:10 +0000