BitDefender fixes bug allowing attackers to run commands remotely

silversurfer

Security solutions are designed to keep an organization safe, but that model crumbles when the same software becomes a threat vector for attackers to exploit.

Such is the case with a new Bitdefender remote code execution vulnerability, dubbed CVE-2020-8102, lurking in its Safepay browser component.

"Improper Input Validation vulnerability in the Safepay browser component of Bitdefender Total Security 2020 allows an external, specially crafted web page to run remote commands inside the Safepay Utility process. This issue affects Bitdefender Total Security 2020 versions prior to 24.0.20.116," a published advisory stated.

In a disclosure by Wladimir Palant, a security blogger and the original developer of the AdBlock Plus extension, a vulnerability was discovered in how Bitdefender protects users from invalid certificates.

As a part of the solution to overall system security, Bitdefender acts as a Man-in-the-Middle (MitM) proxy to inspect secure HTTPS connections.
This behavior is commonly employed by almost all antivirus vendors and is commonly referred to as Safe Search, Web Protection, Web Access Protection, etc.

MacDefender

Point to be taken from the article:
Yeah I completely agree, honestly. Yes, HTTPS encryption MITM can result in some malware being busted when they try to download their next stage payload. But that's arguably low hanging fruit for malware. Instead of HTTPS, just replace that with a password exchange and then download of an encrypted zip file. Boom, bypasses all SSL interception based scanning.

These kinds of unfortunate bugs aside, just the mere act of validating SSL certificates is not exactly easy. I have to trust my web browser can do it acceptably. I'd prefer not to have to trust another piece of software to do it.

Another price to pay is that after this interception, my web browser no longer shows the actual SSL certificate for me to inspect manually. That makes it harder for me to closely inspect whether a site is reputable or is phishing.
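The article notes that the product sits as a MitM proxy on HTTPS connections, and the reply above points out two consequences: certificate validation is hard to get right, and after interception the browser no longer shows the site's real certificate. The following added example (not code from the thread, from Bitdefender, or from any product) shows the checks involved over the dictionary format that Python's `ssl.SSLSocket.getpeercert()` returns: hostname matching against subjectAltName entries with correct wildcard rules, validity-date checks, and surfacing the issuer so you can tell when a locally trusted inspection root has replaced the public CA. The certificates, issuer names and timestamps are constructed placeholders.

```python
"""Leaf-certificate sanity checks over the dict format returned by
ssl.SSLSocket.getpeercert(). Added example; the certificates below are constructed."""
import ssl
import time


def _label_matches(pattern, hostname):
    """RFC 6125-style DNS name matching: '*' is allowed only as the entire
    leftmost label and matches exactly one label; comparison is case-insensitive."""
    pattern = pattern.lower().rstrip(".")
    hostname = hostname.lower().rstrip(".")
    if "*" not in pattern:
        return pattern == hostname
    p_labels = pattern.split(".")
    h_labels = hostname.split(".")
    # Reject partial wildcards ('f*o.example.com') and too-broad ones ('*.com').
    if p_labels[0] != "*" or len(p_labels) < 3 or "*" in pattern[1:]:
        return False
    return len(p_labels) == len(h_labels) and p_labels[1:] == h_labels[1:]


def hostname_matches(cert, hostname):
    """Match only against subjectAltName dNSName entries; the subject CN is
    ignored, as current browsers do."""
    names = [v for (kind, v) in cert.get("subjectAltName", ()) if kind == "DNS"]
    return any(_label_matches(n, hostname) for n in names)


def is_within_validity(cert, now=None):
    """True if 'now' (epoch seconds) falls inside [notBefore, notAfter]."""
    now = time.time() if now is None else now
    not_before = ssl.cert_time_to_seconds(cert["notBefore"])
    not_after = ssl.cert_time_to_seconds(cert["notAfter"])
    return not_before <= now <= not_after


def issuer_common_name(cert):
    """Extract the issuer's commonName from the nested RDN tuples."""
    for rdn in cert.get("issuer", ()):
        for key, value in rdn:
            if key == "commonName":
                return value
    return ""


def check_leaf(cert, hostname, expected_issuers, now=None):
    """Return findings a user would want before trusting a connection.
    'issuer_unexpected' is the interception tell: the issuer is not one of the
    public CAs you expect for this site, so something local re-signed the cert."""
    issuer = issuer_common_name(cert)
    return {
        "hostname_ok": hostname_matches(cert, hostname),
        "validity_ok": is_within_validity(cert, now),
        "issuer": issuer,
        "issuer_unexpected": issuer not in expected_issuers,
    }


# Constructed sample certificates (placeholder names, not real CAs or products).
PUBLIC_CERT = {
    "subject": ((("commonName", "www.example.com"),),),
    "issuer": ((("organizationName", "Example CA Org"),),
               (("commonName", "Example Public CA R1"),)),
    "subjectAltName": (("DNS", "www.example.com"), ("DNS", "*.example.com")),
    "notBefore": "Jun 10 00:00:00 2020 GMT",
    "notAfter": "Jun 10 00:00:00 2021 GMT",
}
INTERCEPTED_CERT = dict(PUBLIC_CERT,
                        issuer=((("commonName", "Local TLS Inspection Root (constructed)"),),))
NOW = ssl.cert_time_to_seconds("Jan 15 00:00:00 2021 GMT")  # constructed clock
EXPECTED_ISSUERS = {"Example Public CA R1"}

if __name__ == "__main__":
    for name, cert in (("direct", PUBLIC_CERT), ("intercepted", INTERCEPTED_CERT)):
        print(name, check_leaf(cert, "www.example.com", EXPECTED_ISSUERS, NOW))
```

In practice you would feed `check_leaf` the dict from a real `getpeercert()` call; when an HTTPS-scanning product is active, the issuer it reports is the product's local root rather than the public CA, which is exactly why the browser's certificate viewer stops being useful for judging a site.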