AVG Antivirus (Mac OS X) – Arbitrary File Overwrite Vulnerability

Product Description:

AVG AntiVirus is a family of antivirus software developed by AVG Technologies, a subsidiary of Avast. It is available for Windows, macOS and Android.

Vulnerability Discussion:

The HUB component of AVG for Mac OS X contains a vulnerability that would allow a malicious user to overwrite any file under the operating system by performing a basic symlink style attack. The end result is that key files vital to the operation of the OS could be overwritten leading to a Denial of Service attack.

Vendor Contact Timeline:

2019-03-29: Vendor contacted via email.
2019-04-01: Vendor confirms vulnerability.
2019-04-29: Vendor issues product update v19.0.
2019-04-29: RACK911 Labs issues advisory.

About Us:

https://www.RACK911Labs.com

RACK911 Labs
1110 Palms Airport Drive, Suite 110
Las Vegas, NV 89119

1-855-RACK911

Reference(s):

http://mac-av.u.avcdn.net/mac-av/10_10/AAVG/changelog.html