- May 4, 2019
- 801
You'd think HTTPS certificate checking would be a cinch for a computer security toolkit – but no so for Avast's AntiTrack privacy tool.
Web researcher David Eade found and reported CVE-2020-8987 to Avast: this is a trio of blunders that, when combined, can be exploited by a snooper to silently intercept and tamper with an AntiTrack user's connections to even the most heavily secured websites.
Avast's AntiTrack promised to protect your privacy. Instead, it opened you to miscreant-in-the-middle snooping
HTTPS traffic could be intercepted, manipulated, thanks to sloppy proxy
www.theregister.co.uk