Author Topic: Acknowledgments  (Read 19104 times)

0 Members and 1 Guest are viewing this topic.

Offline MartinZ

  • Avast team
  • Advanced Poster
  • *
  • Posts: 1071
  • Product Manager
Acknowledgments
« on: January 15, 2018, 10:09:55 AM »
This topic is dedicated to thank users and enthusiasts who helped us to discover and fix critical bugs in our programs.

Thanks goes to Kasif Dekel from CyberArk who reported the "Illusion Gap" attack - switching the content of files between the AV scanning and the actual open (i.e. avoiding detection). The problem was fixed in Avast 17.7.
« Last Edit: August 04, 2020, 04:14:18 PM by igor »

Offline MartinZ

  • Avast team
  • Advanced Poster
  • *
  • Posts: 1071
  • Product Manager
Re: Acknowledgments
« Reply #1 on: January 15, 2018, 10:13:19 AM »
Thanks goes to limingzheng from 360 aegis security team who discovered a bug in Sandbox, allowing to escape the virtualization (a process running in Sandbox could modify files on the real file system). This bug was fixed in version 17.7.
« Last Edit: August 04, 2020, 04:08:18 PM by igor »

Offline igor

  • Avast team
  • Serious Graphoman
  • *
  • Posts: 11761
    • AVAST Software
Re: Acknowledgments
« Reply #2 on: March 29, 2019, 03:52:50 PM »
Thanks also to Pierre-Alexandre Braeken who found a bug in the online installer which allowed an unelevated process to execute elevated code during the installation of Avast antivirus. The problem is already fixed in the current build of Avast installer.

Offline igor

  • Avast team
  • Serious Graphoman
  • *
  • Posts: 11761
    • AVAST Software
Re: Acknowledgments
« Reply #3 on: February 20, 2020, 04:37:24 PM »
Thanks also to Tinu Tom who found a sandbox escape caused by incomplete hooking on older versions of Windows 10. The problem will be fixed in Avast 20.1.

Offline igor

  • Avast team
  • Serious Graphoman
  • *
  • Posts: 11761
    • AVAST Software
Re: Acknowledgments
« Reply #4 on: August 18, 2020, 02:54:57 PM »
Thanks to Nafiez (Independent Researcher) who found a vulnerability in SecureLine VPN allowing an authenticated attacker to elevate their privileges to SYSTEM. The issue is already fixed in the latest version of SecureLine VPN.