Recently, Avast disclosed a security breach aimed at its CCleaner app. Now, Avast has made the news once again because of a security vulnerability. Specifically, a researcher spotted an XSS vulnerability in the Avast Desktop Antivirus tool for Windows, and reporting it won him a hefty bounty.
In a Medium blog post, a security researcher highlighted an XSS vulnerability in the Avast Desktop Antivirus which he discovered earlier this year. According to his findings, an attacker could trigger the vulnerability simply through WiFi SSIDs.
In brief, he found that a potential attacker could embed a malicious payload in an SSID name. Then, if a Windows device running Avast antivirus connected to this network, the antivirus would execute the payload.
The exploit worked because of a feature in the Avast antivirus program for Windows. By default, the program displayed a pop-up notification whenever the device attempted to connect to a WiFi network. Because the notification displayed the SSID name without sanitization, a potential attacker could inject a malicious payload into the SSID name, which would then execute.
Following the script execution, the pop-up notification would then display a fake login prompt created by the attacker. Since the targeted user would see no URL, the victim would be more likely to believe it safe to enter their login credentials.
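The missing step described above is output encoding of the SSID before it reaches the notification markup. The following is an added example, not Avast's code or the researcher's; it assumes the pop-up is built from an HTML string, and every function name and the markup template are hypothetical.

```javascript
// Added illustration: an SSID is attacker-controlled input, so it is decoded,
// cleaned and HTML-encoded before it is placed in notification markup.
const HTML_ESCAPES = {
  '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;',
};

// An SSID is 0-32 arbitrary octets, not guaranteed to be valid text.
function ssidToDisplayText(ssidBytes) {
  if (ssidBytes.length > 32) {
    throw new RangeError('SSID longer than 32 octets');
  }
  // Non-fatal decoding turns invalid UTF-8 into U+FFFD instead of throwing.
  const text = new TextDecoder('utf-8', { fatal: false }).decode(ssidBytes);
  // Drop C0/C1 control characters so the name cannot disturb the layout.
  const printable = text.replace(/[\u0000-\u001f\u007f-\u009f]/g, '');
  return printable.length > 0 ? printable : '(hidden network)';
}

function escapeHtml(text) {
  return text.replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Pattern the article describes: the SSID is concatenated into markup as-is,
// so any markup in the name becomes part of the page.
function renderNotificationUnsafe(ssidBytes) {
  const name = new TextDecoder().decode(ssidBytes);
  return `<div class="popup">Connecting to ${name}</div>`;
}

// Hardened form: the SSID only ever appears as encoded text.
function renderNotification(ssidBytes) {
  const name = escapeHtml(ssidToDisplayText(ssidBytes));
  return `<div class="popup">Connecting to <span class="ssid">${name}</span></div>`;
}

// Constructed sample SSID containing harmless markup and quote characters.
const sampleSsid = new TextEncoder().encode('Cafe<b>WiFi</b>&"guest"');
console.log(renderNotificationUnsafe(sampleSsid)); // markup survives
console.log(renderNotification(sampleSsid));       // markup shown as text
```

Where the UI is built through a DOM API, assigning the cleaned name to `textContent` achieves the same result without manual escaping.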
For further clarification, the researcher demonstrated the attack in the following video.
After discovering the vulnerability, the researcher YoKo Kho reported the matter to Avast. The firm promptly acknowledged the flaw and later confirmed it to be a serious vulnerability.