Update now: massive vulnerabilities in 28 antivirus programs
The vulnerabilities, which affected products for Windows, Linux and macOS, allowed system files to be deleted.
A group of researchers at Rack911 Labs has been searching for vulnerabilities in antivirus software. The researchers found a so-called symlink vulnerability in 28 products for Windows, Linux and macOS.
The locally exploitable vulnerabilities could cause the affected AV programs to delete important system files, or components of the AV software itself, instead of the supposed malware.
The research team has written a blog post titled "Exploiting (Almost) Every Antivirus Software" that lists all affected antivirus programs. The post also explains how the programs were tested. At the end of 2018, Rack911 started contacting the manufacturers and sending them individual vulnerability reports. As a result, most manufacturers tried to fix the vulnerabilities promptly.
Many antivirus vendors have now patched the vulnerabilities found, with the exception of a few, who will likely have patches out soon.
Read more about the vulnerabilities here.
Please make sure your antivirus software is up to date!