Acknowledgments

[MartinZ]

This topic is dedicated to thank users and enthusiasts who helped us to discover and fix critical bugs in our programs.

Thanks go to wes4m who found a way to escape Avast sandbox. The omission was fixed in Avast 9.0.

Thanks also go to Kasif Dekel from CyberArk who reported the "Illusion Gap" attack - switching the content of files between the AV scanning and the actual open (i.e. avoiding detection). The problem was fixed in Avast 17.7.

[MartinZ]

Thanks goes to limingzheng from 360 aegis security team who discovered a bug in Sandbox, allowing to escape the virtualization (a process running in Sandbox could modify files on the real file system). This bug was fixed in version 17.7.

[igor]

Thanks also to Pierre-Alexandre Braeken who found a bug in the online installer which allowed an unelevated process to execute elevated code during the installation of Avast antivirus. The problem is already fixed in the current build of Avast installer.

[igor]

Thanks also to Tinu Tom who found a sandbox escape caused by incomplete hooking on older versions of Windows 10. The problem will be fixed in Avast 20.1.

[igor]

Thanks to Nafiez (Independent Researcher) who found a vulnerability in SecureLine VPN allowing an authenticated attacker to elevate their privileges to SYSTEM. The issue is already fixed in the latest version of SecureLine VPN.

[igor]

Thanks go to abdelhamid naceri who reported several issues in Avast already. A bug that made it possible to delete arbitrary files using SYSTEM privileges was fixed at the end of April via a virus definition update. Another report revealed how an unprivileged user can render the machine ubootable; that issue was fixed in Avast 20.8.

[igor]

Thanks go to Xavier Danest who found a vulnerability in our VPN products. An incorrectly built OpenSSL library made it possible for an attacker to escalate their privileges from a standard account to an administrator. Fixed versions were released in February.