© 2023 CyberNews - Latest tech news,
product reviews, and analyses.

If you purchase via links on our site, we may receive affiliate commissions.

Norton, Avira, Avast, AVG affected by a privilege escalation bug


Several popular Windows antivirus software brands under the Gen Digital umbrella were susceptible to a privilege escalation vulnerability.

The bug affected products from NortonLifelock (GenDigital), such as Norton Antivirus Windows Eraser Engine, Avira Security, Avast Antivirus, and AVG Antivirus. The vulnerability, tracked as CVE-2022-4294, was assigned a score of 7.1, indicating high severity.

According to an advisory published by Norton, four antivirus brands for Windows systems may be affected by a privilege escalation flaw. These types of vulnerabilities allow attackers to gain elevated system access after they initially compromise affected software.

Privilege escalation flaws are valuable to attackers since they’re often required for various malicious activities but can get overlooked by developers because of their typically low severity scores.

According to Norton, the bug was fixed with “Avast and AVG Antivirus version 22.10, Norton Antivirus ERASER Engine 119.1.5.1 and Avira Security version 1.1.78.”

“We encourage customers to ensure their security software are always updated to the latest version available,” the software provider said.

The information in the advisory indicates the flaw was mitigated with updates released starting October 5 for Norton, October 20 for Avast and AVG, and November 22 for Avira.

Researcher Bahaa Naamneh, a technical fellow at cybersecurity firm Crosspoint Labs, was acknowledged by the company in the advisory on mitigating the vulnerability.

Norton, Avira, Avast, and AVG are owned by a multinational software company Gen Digital, formerly known as NortonLifeLick and Symantec Corporation. The company boasts a revenue of over $2.7 billion and employs over 2,700 people.


More from Cybernews:

US ramps up space cyber defenses eyeing private businesses

Severance for fired Twitter employees? More like settlement agreements, lawyer says

Maritime software company admits to cyberattack

Lawtech entrepreneur offers to pay $1M for using AI in court

Dark web drug markets use custom Android apps to avoid scrutiny

Subscribe to our newsletter



Leave a Reply

Your email address will not be published. Required fields are marked