silversurfer
Level 85
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Well-known
- Aug 17, 2014
- 10,176
Security solutions are designed to keep an organization safe, but that models crumble when that same software becomes a threat vector for the attackers to exploit.
Such is the case with a new Bitdefender remote code execution vulnerability, dubbed CVE-2020-8102, lurking in its Safepay browser component.
"Improper Input Validation vulnerability in the Safepay browser component of Bitdefender Total Security 2020 allows an external, specially crafted web page to run remote commands inside the Safepay Utility process. This issue affects Bitdefender Total Security 2020 versions prior to 24.0.20.116," an advisory published stated disclosed.
In a disclosure by Wladimir Palant, a security blogger and the original developer of the AdBlock Plus extension, a vulnerability was discovered in how Bitdefender protects users from invalid certificates.
As a part of the solution to overall system security, Bitdefender acts as a Man-in-the-Middle (MitM) proxy to inspect secure HTTPS connections.
This behavior is commonly employed by almost all antivirus vendors and is commonly referred to as Safe Search, Web Protection, Web Access Protection, etc.