Skip to main content

These popular antivirus tools share a major security flaw

(Image credit: Image Credit: Leolintang / Shutterstock)

More than two dozen popular antivirus solutions contain a flaw that could enable hackers to delete files, trigger crashes and install malware, according to a new report from cybersecurity experts Rack911 Labs.

Popular antivirus solutions such as Microsoft Defender, McAfee Endpoint Security and Malwarebytes all feature the bug, which is described as “trivial” to abuse.

The report refers to the shared vulnerability as “symlink race” – the use of symbolic links and directory junctions to link malicious files to legitimate counterparts. This all occurs in the short space of time between an antivirus scanning and deleting a file.

"Make no mistake about it, exploiting these flaws was pretty trivial and seasoned malware authors will have no problem weaponising the tactics outlined in this blog post," said the report.

Rack911 also claims the same principle applies on Windows, Linux and Mac, albeit with a slightly tweaked technique.

"It's a very real and old problem with operating systems that allow concurrent processes. Many programs have been found to suffer from it in the past," Dr. Bontchev, member of the National Laboratory of Computer Virology at the Bulgarian Academy of Sciences, told ZDNet.

Most the affected vendors - including Symantec, McAfee and AVG - have already patched the flaw, but a few remain vulnerable.