The Nigerian Communications Commission (NCC) has advised that allowing automatic update features for AVAST and AVG anti-virus applications could prevent cyber vulnerabilities.
The Computer Security Incident Response Team (CSIRT) of the NCC, in a statement signed by its Director of Public Affairs, Ikechukwu Adinde on Sunday, noted that the vulnerabilities in AVAST and AVG anti-virus apps can lead to millions of devices being attacked.
Recall that Investors King reported that the NCC had warned Nigerians about a new hacking technique that allows hackers to access and hijack vehicles.
Investors King also recalls that the CSIR team had proffered solutions to the newly developed cyberattack schemes on telecom consumers.
According to the CSIRT, the AVAST and AVG Antiviruses can lead to attacks on millions of devices with high impact in terms of consequences to the ICT user.
“The threat types as a result of this vulnerability are bypass authentication, remote code execution and unauthorised access while consequences range from privilege escalation, bypass security products, overwrite system components and corrupting the operating system”, the statement read.
The CSIRT further stated that “researchers at SentinelOne security firm have discovered two potentially damaging vulnerabilities in AVAST and AVG antivirus products that allow attackers to escalate privileges enabling them to disable security products, overwrite system components, corrupt the operating system, or perform malicious operations unimpeded.
“Two vulnerabilities identified as CVE-2022-26522 and CVE-2022-26523 targeted the “anti rootkit” driver of Avast antivirus (also used by AVG) allowing an attacker with limited privileges on the targeted system to execute code in system mode (kernel mode) and take complete control of the device. Moreover, the vulnerabilities allow complete take-over of a device, even without privileges, due to the ability to execute code in kernel mode.
“However, the cybersecurity centre has offered tripartite measures that should be taken by Internet/ICT users to prevent being vulnerable to cyber threats. They include enabling automatic update features for AVAST and AVG antiviruses, upgrading AVAST and AVG antiviruses to version 22.1.2504, as well as carrying out regular patch management”.
NCC said the advice is coming as the commission is committed to continually sensitise Nigerians on how to prevent cyber attack.