Author Topic: [RESOLVED] [Web Shield] Avast vulnerable to FREAK security flaw. SOLUTION  (Read 5254 times)

0 Members and 1 Guest are viewing this topic.

westjgames@live.com

  • Guest
Using Avast with Web Shield enabled puts you at risk of the FREAK vulnerablity

This issue appears to have been resolved as of version 2015.10.2.2214.
If you have disabled your Web Shield, please follow the steps below to re-activate it.

  • Open the Avast user interface

  • Click Turn On text
  • Avast should turn green. Proceed to the next step

  • Click on Settings, and select Update

  • Hit Update in both the Virus Definitions and the Program sections, and click OK

  • Avast may ask you to reboot once complete! Save all your tasks and reboot Windows

Note: I have still not confirmed whether the Mail Shield is vulnerable. I would like to invite an Avast representative to answer this question.

What can I do now?

Confirm if your browser is still vulnerable: https://freakattack.com/

If it still shows a red message, confirm your Avast version is 2015.10.2.2214. If it is, run Windows Update, manually update your browsers, or try to use a known safe browser.

As stated by FreakAttack's website:

Quote
If you run a server …

You should immediately disable support for TLS export cipher suites.   While you’re at it, you should also disable other cipher suites that are known to be insecure and enable forward secrecy.   For instructions on how to secure popular HTTPS server software, we recommend Mozilla’s security configuration guide and their SSL configuration generator. We also recommend testing your configuration with the Qualys SSL Labs SSL Server Test tool.

If you use a browser …

Make sure you have the most recent version of your browser installed, and check for updates frequently.   Updates that fix the FREAK attack should be available for all major browsers soon.

If you’re a sysadmin or developer …

Make sure any TLS libraries you use are up to date.   Unpatched OpenSSL, Microsoft Schannel, and Apple SecureTransport all suffer from the vulnerability.   Note that these libraries are used internally by many other programs, such as wget and curl.   You also need to ensure that your software does not offer export cipher suites, even as a last resort, since they can be exploited even if the TLS library is patched.   We have provided tools for software developers that may be helpful for testing.

As usual, stay away from sites you don't know. Employ common sense when browsing the Internet. only visit known safe, secure websites, always type in the full URL of your financial institutes instead of using connecting links from other websites and employ a reputable third-party payment gateway, such as PayPal (https://www.paypal.com/) to handle your transactions instead of posting your credit card details.

Above all else, Keep your Avast software and Virus Definitions updated at all times!.

If you have any problems, please shoot a message below, I will try my best to respond as quickly as possible.
« Last Edit: March 12, 2015, 07:46:08 PM by westjgames »

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40610
  • Dragons by Sasha
    • Malware fixes
Intriguing as my Avast set up has me secure.  Also if you disable webshield you have removed your first and main line of defence

Do you have https scanning enabled and are you using the lates version


« Last Edit: March 12, 2015, 07:21:14 PM by essexboy »

westjgames@live.com

  • Guest
It's true that Web Shield does a good job with protecting users against malicious websites and infected downloaded files, however, the FREAK vulnerability allows attackers to intercept all website communications, both HTTP and HTTPS.

More information can be found here: https://freakattack.com and here https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0204

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40610
  • Dragons by Sasha
    • Malware fixes
I have just edited my previous post.  What version are you running ?

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 86142
  • No support PMs thanks
Firstly 2015.10.0.2208 isn't the latest Program update, so I would start by updating the program to 2015.10.2.2214.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 21.11.2500 (build 21.11.6809.528) UI 1.0.683/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

westjgames@live.com

  • Guest
My versions, as posted in the opening post, are 25.10.0.2208 and VDV 150312-1

My Avast user interface has not told me that it is out of date, either.


westjgames@live.com

  • Guest
I shall force an update and see what happens.

Online CraigB

  • Avast Überevangelist
  • Serious Graphoman
  • *****
  • Posts: 11151
  • No support PM's thanks
You only have to look at the stickied posts at the top of the forum to see you're on an outdated version.

Offline Eddy

  • Avast Evangelist
  • Maybe Bot
  • ***
  • Posts: 31299
  • Watching (over?) you
    • Malware removal, Biljart and other things.
The topic is wrong.
It is not avast that is vulnerable, but browser communication.

For several browsers there are already patches and for others there are solutions.
For a start, don't allow ssl but only tsl.

westjgames@live.com

  • Guest
Noted and updated to reflect that.

westjgames@live.com

  • Guest
After testing I have confirmed that it has been patched as of 2015.10.2.2214

I have reflected the opening post to address users still experiencing the issue.

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 86142
  • No support PMs thanks
Thanks for testing and the confirmation.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 21.11.2500 (build 21.11.6809.528) UI 1.0.683/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security