To reverse the usual order, the good news is that AVG fixed the issue a while ago, as have Intel, owner of McAfee, as well as Kaspersky. The bad news is that this exploit is rather nasty and was completely avoidable with a bit of forethought. Of all the programs to follow a predictable pattern, AV software is the last one you would want to see do so. There is a tool over at github to allow you to check your own vulnerability. Personal machines should be good to go but as The Register mentions, at least one Enterprise level AV program is vulnerable and those definitions are often updated along a different path that consumer level products.
Chances are you are safe, but you should probably double check.
"In March, researchers at security firm enSilo found a serious flaw in popular free antivirus engine AVG Internet Security 2015. They found that the software was allocating memory for read, write, and execute (RWX) permissions in a predictable address that an attacker could use to inject code into a target system."
Here is some more Tech News from around the web:
- Motorola’s X Force awakens a seemingly ‘shatterproof’ future @ The Register
- Graphene Super Caps: Coming Soon? @ Hack a Day
- AMD contributes to over 30% of ASMedia Technology 3Q15 revenues @ DigiTimes
- Old school Fibre Channel gets new lesson in NVMe treatment @ The Register
- Google says its quantum computer is 100 million times faster than PC @ The Register
- WordPress hosting service WP Engine has been hacked @ The Inquirer
- Fixing Mistakes in Git @ Linux.com
- Microsoft leaks Xboxlive SSL server cert @ The Register
- SoftMaker brings its Office 2016 suite to Linux @ The Inquirer
- Emoji – A New Universal Language @ Hardware Secrets
How do people find this stuff
How do people find this stuff out? Damn you, crazy intelligent programmers.
This is a poorly written
This is a poorly written article.
and this is a poorly written
and this is a poorly written criticism
In that other Anonymous’
In that other Anonymous’ defense that was awkward to read.
I had no idea what vulnerability was being talked about and yet you were saying it was fixed.
either way, all is well and a vulnerability being fixed is a good thing in my book.
Didn’t feel the need to
Didn't feel the need to repeat the info in the quote "They found that the software was allocating memory for read, write, and execute (RWX) permissions in a predictable address that an attacker could use to inject code into a target system."
I'll think about better ways to point that sort of thing out.