The cybersecurity industry has been struggling for some time with the problems caused by product flaws. Software vendors and product manufacturers have come under heavy criticism from security experts and consumers alike for releasing flawed products that pose several cybersecurity risks. However, not all flaws are the result of an oversight; some cybersecurity threats arise when a specific piece of functionality is exploited by a person with malicious intentions. Let’s look at some of the top product flaws that still affect the cybersecurity domain.
Media attention on vulnerabilities really intensified when a security researcher going by the name Kristian Hermansen revealed a startling flaw in the FireEye platform. He disclosed it after waiting over 18 months for a fix from the vendor. The flaw is a login bypass that would give hackers root access to the affected systems.
Memory allocation antivirus flaws
Soon after the FireEye bug was disclosed, security researchers from enSilo discovered critical memory allocation flaws in products from some of the biggest antivirus vendors, such as AVG, Intel, McAfee, and Kaspersky Lab. All these products were flawed in how they allocated memory, which essentially allowed attackers to turn these AV systems into an attack tool against other applications.
Antivirus hooking flaw
In addition to the memory allocation flaws, another set of researchers from enSilo presented at last year’s Black Hat USA conference a flaw in the way that the hooking engines of prominent antivirus and security products interacted with systems, which essentially gave attackers a clear way to bypass the security controls of the underlying operating system. Several top products on the market, including AVG, Kaspersky Lab, McAfee, Symantec, Trend Micro, Bitdefender, Webroot, Avast, and Vera, were impacted.
‘Crazy Bad’ Windows malware engine flaw
Microsoft’s Malware Protection Engine was affected by another critical remote code execution flaw that led to a US-CERT alert and compelled Microsoft to issue an out-of-band patch. The critical flaw was discovered by none other than Ormandy, who named it the “Crazy Bad” vulnerability along with his Project Zero colleague Natalie Silvanovich.
Finally, we arrive at the CCleaner debacle, which takes the crown for delivering malware disguised as trusted software. The malware made its way to about 2 million devices, and did so through a trusted source. Adding salt to the wound, Cisco Talos researchers discovered that the backdoor contained customized payloads targeting at least 20 systems at Microsoft, Google, HTC, Sony, Samsung, D-Link, Akamai, VMware, Linksys, and Cisco itself.
This may not be an exhaustive list of flaws, but it covers the well-known ones. The list of flaws keeps getting longer as more attackers exploit bugs to stall services or disrupt usage. All users should keep track of the latest bugs discovered in the products and services they use; in addition, they should patch their software regularly to avoid cyberattacks.