Several popular Windows antivirus software brands under the Gen Digital umbrella were susceptible to a privilege escalation vulnerability.
The bug affected products from NortonLifeLock (Gen Digital), such as Norton Antivirus Windows Eraser Engine, Avira Security, Avast Antivirus, and AVG Antivirus. The vulnerability, tracked as CVE-2022-4294, was assigned a score of 7.1, indicating high severity.
According to an advisory published by Norton, four antivirus brands for Windows systems may be affected by a privilege escalation flaw. These types of vulnerabilities allow attackers to gain elevated system access after they initially compromise affected software. Privilege escalation flaws are valuable to attackers since they’re often required for various malicious activities but can get overlooked by developers because of their typically low severity scores.
According to Norton, the bug was fixed with “Avast and AVG Antivirus version 22.10, Norton Antivirus ERASER Engine 119.1.5.1 and Avira Security version 1.1.78.” “We encourage customers to ensure their security software are always updated to the latest version available,” the software provider said. The information in the advisory indicates the flaw was mitigated with updates released starting October 5 for Norton, October 20 for Avast and AVG, and November 22 for Avira.
Researcher Bahaa Naamneh, a technical fellow at cybersecurity firm Crosspoint Labs, was acknowledged by the company in the advisory on mitigating the vulnerability.
Norton, Avira, Avast, and AVG are owned by the multinational software company Gen Digital, formerly known as NortonLifeLock and Symantec Corporation. The company boasts a revenue of over $2.7 billion and employs over 2,700 people.