F-Secure has urgently released a patch for vulnerabilities that allow arbitrary code execution in its software package. This once again raises concerns that security applications are no longer immune to exploitation by hackers.
The Finnish antivirus software manufacturer has classified this update as “critical” due to vulnerabilities that enable malicious actors to bypass security measures and gain control over systems. This incident comes just weeks after rival company Symantec (USA) publicly acknowledged a “serious” buffer overflow issue in their AntiVirus Library that could be exploited to execute harmful code.
While examining F-Secure’s issues, Thierry Zoller, an independent research expert based in Luxembourg, discovered that several other security companies are also shipping products with similar vulnerabilities. “F-Secure is the first entity to disclose the flaw,” Zoller stated. “Meanwhile, some other companies have quietly updated or issued minor warnings to cover up the fact that their antivirus mechanisms are malfunctioning.” Zoller declined to disclose the names of these companies.
In the past 12 months, several major players in the security industry have had to roll out numerous patch updates. Observers believe that the day hackers exploit antivirus products to attack systems is fast approaching.
“It is surprising that we have not yet witnessed such an incident,” said Johannes Ullrich, Technical Director at the SANS Institute (USA). “Security software is the first line of defense against malicious code and is present on nearly every desktop, so if there is a problem, it truly makes for a perfect target.”
In its list of 20 vulnerabilities for 2005, SANS noted an increase in flaws within client applications, including antivirus and backup software. Alex Wheeler, an independent research expert, also documented vulnerabilities that could enable hackers to perform remote buffer overflow attacks in the programs of Symantec, Panda, Kaspersky Lab, and Sophos.
“It won’t be long before someone carries out a large-scale exploit, causing a serious buffer overflow with destructive potential equivalent to any automated worm attack,” said Marc Maiffret, Director of the Vulnerability Exploitation division at eEye (USA). “One should not assume that security software is difficult to exploit; it simply depends on whether someone is willing to do it.”