Several well-known antivirus products have some common security flaws, known as “symlink races,” according to a cyber-security firm…
About twenty-eight of the most popular antivirus services available today did or do contain bugs that attackers can exploit, cyber-security company RACK911 Labs warns. The issues reside in what’s known as “symlink races,” a way to contaminate computers with malware and other malicious files.
Antivirus Apps ‘Symlink Races’ Security Flaws Exposed
Affected antivirus apps include such familiar names as Microsoft Defender, McAfee Endpoint Security, and Malwarebytes. They either had or still contain vulnerabilities that allow would-be attackers to delete essential files and even cause crashes, which could be used to install malware.
A symlink race uses symbolic links and directory junctions to link malicious files to legitimate files while an antivirus program is actively scanning system files for viruses and removing them.
What’s more, the exploit works not only across different security programs but also across platforms: it can be used to compromise Windows, Linux, or Macs, though different methods of execution are required to infect devices.
The good news is that an attacker must first download and run the necessary code on the machine before executing a symlink race. That means it requires an existing breach and can’t (at least for now) be used to open a breach. Plus, most of the vendors have already fixed the bugs.
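One way a scanner's scan-then-remove step can resist the link swap described above, as an added example that is not code from RACK911 Labs or any vendor: it pins the directory and the file by descriptor and never resolves the path a second time. It assumes a POSIX system (Linux or macOS); `remove_if_flagged` and the `is_malicious` verdict callback are hypothetical names.

```python
import os
import stat


def remove_if_flagged(dir_path, name, is_malicious):
    """Scan dir_path/name and delete it without re-resolving the path.

    is_malicious is a hypothetical verdict callback that receives the
    file's bytes. Returns "removed", "clean" or "refused".
    """
    flags = os.O_RDONLY | os.O_NOFOLLOW
    try:
        # Pin the directory; fails if its last path component is a symlink.
        dfd = os.open(dir_path, flags | os.O_DIRECTORY)
    except OSError:
        return "refused"
    try:
        try:
            # Open relative to the pinned directory. A symlink raises
            # OSError; O_NONBLOCK keeps a FIFO from hanging the scanner.
            fd = os.open(name, flags | os.O_NONBLOCK, dir_fd=dfd)
        except OSError:
            return "refused"
        try:
            scanned = os.fstat(fd)
            if not stat.S_ISREG(scanned.st_mode):
                return "refused"
            # Scan the bytes of the descriptor, not of a path.
            with os.fdopen(os.dup(fd), "rb") as fh:
                if not is_malicious(fh.read()):
                    return "clean"
            try:
                # The name must still refer to the inode that was scanned.
                now = os.stat(name, dir_fd=dfd, follow_symlinks=False)
            except OSError:
                return "refused"
            if (now.st_dev, now.st_ino) != (scanned.st_dev, scanned.st_ino):
                return "refused"
            # Unlink inside the pinned directory, whatever dir_path now names.
            os.unlink(name, dir_fd=dfd)
            return "removed"
        finally:
            os.close(fd)
    finally:
        os.close(dfd)
```

A scanner that runs with elevated privileges would apply the same descriptor pinning to every directory it descends into, not only the last one.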