Serious Security Vulnerability Found In All Mcafee Antivirus Editions

by Harry M. developer

Following Avast, we now hear of a security bug in McAfee antivirus. Researchers have found this vulnerability to affect all McAfee Antivirus Editions, the vulnerability could allow for code execution via DLL injection.

Source:-Serious Security Vulnerability Found In All Mcafee Antivirus Editions

Vulnerability In McAfee Antivirus Editions

Researchers from SafeBreach Labs have discovered a serious security vulnerability affecting all Editions of McAfee Antivirus software. Elaborating on their findings in a report, Peleg Hadar stated that a potential attacker could exploit the vulnerability to achieve code execution.

An attacker could load an arbitrary unsigned DLL to these processes to execute code while evading defense mechanisms. Researchers have also shared a PoC for the exploit. They could load DLL and execute code in multiple processes signed by McAfee. The researchers suspect that the vulnerability could have allowed an attacker to execute malicious payloads, evade security checks, and bypass application whitelisting.

McAfee Released A Fix

Upon discovering the bug in August 2019, the researchers informed McAfee about the flaw. They noticed that this vulnerability, CVE-2019-3648, affected all versions of McAfee Total Protection (MTP), McAfee Anti-Virus Plus (AVP), and McAfee Internet Security (MIS) until v.16.0.R22.

Following their report, McAfee rolled out a fix for this vulnerability with the release of software version 16.0.R22 Refresh 1. Though, they have labeled this flaw as a medium severity vulnerability, with a CVSS base score of 6.1.

Users of affected versions of McAfee Antivirus software should hence ensure they update their systems to the latest patched versions.

Recently, Avast also made it to the news when a researcher found a cross-site scripting vulnerability affecting the Avast and AVG antivirus Desktop for Windows. Though, the vendors not only patched the flaw but also awarded the researcher $5000 as bounty.

Harry Martin is a creative person who has been writing blogs and articles about cybersecurity. He writes about the latest updates regarding mcafee.com/activate and how it can improve the work experience of users. Her articles have been published in many popular e-magazines, blogs, and websites.

Sponsor Ads

Ad Space Available - Rent it Now!

About Harry M. developer

19 connections, 1 recommendations, 88 honor points.
Joined APSense since, November 11th, 2019, From Los Angeles, CA, United States.

Report this Page

Created on Nov 14th 2019 10:40. Viewed 351 times.

Articles

Serious Security Vulnerability Found In All Mcafee Antivirus Editions

Sponsor Ads

About Harry M. developer

Comments

Recommended Reading?

Sponsored

Tags Links

More Articles

Similar Articles

Similar Articles

How to Share a GIF on Instagram?

How to Fix ‘The Installation Package Could Not Be Opened’ Error On Windows

How to Fix Physxloader.Dll Is Missing Error

How To Fix MacBook Microphone Issues?

Best Tips and Tricks for Perfect Delivery in Death Stranding

Install McAfee Antivirus with the help of McAfee Customer Care for Internet Security

DIFFERENCE BETWEEN MCAFEE ANTIVIRUS AND INTERNET SECURITY

Antivirus Software and Internet Security For Your PC and Laptop – McAfee Activate

Cover up all security flaws with McAfee antivirus for PC and mobile devices

Vulnerability Found in the New Intel CPU: Here is Everything to Know