Avast anti-tracking system actually exposed users

News
By published

AntiTrack privacy feature was meant to protect users

(Image credit: Pixabay)

A privacy feature found in antivirus software from Avast and AVG was actually exposing their data, new research has found.

AntiTrack was designed to strip tracking cookies and scripts from websites sousers can browse the internet anonymously without being tracked. 

It was included in both Avast and AVG products, with Avast AntiTrack version older than 1.5.1.172 and AVTG AntiTrack version 2.0.0.178 or older all affected.

Insecure browsing

The vulnerability, listed as CVE-2020-8987, was found by web researcher David Eade who identified and reported the findings to Avast.

He found that AntiTrack does not verify the authenticity of certificates presented by a website, meaning hackers could easily gain entry via Man in The Middle (MiTM) attacks, allowing them to hijack browser sessions and steal data.

Hackers do not even need local access or any special software to trigger this vulnerability, Eade noted.

The fact that AntiTrack ignores higher security protocols and downgrades the protocols to TLS 1.0 even if the server supports TLS 1.2 is another serious flaw found in the program, making the system vulnerable to more security issues.

It is also reported that AntiTrack does not honor the secured browser encryption suites in favour of weak and old encryption standards. 

"A remote attacker running a malicious proxy could capture their victim's HTTPS traffic and record credentials for later re-use," Eade said.

He further added, “If a site needs two-factor authentication (such as a one-time password), then the attacker can still hijack a live session by cloning session cookies after the victim logs in.” 

Both vulnerabilities were identified in August 2019, however a security patch was only releasedfor both Avast and AVG AntiTrack this week on March 9. Avast thanked Eade in a blog post, saying that the issues were all now fixed.

  • We'll help you pick from the best VPN options

Via: ZDNet

TOPICS
Jitendra Soni
Jitendra Soni

Jitendra has been working in the Internet Industry for the last 7 years now and has written about a wide range of topics including gadgets, smartphones, reviews, games, software, apps, deep tech, AI, and consumer electronics.  

Latest in Security
cybersecurity
Chinese government hackers allegedly spent years undetected in foreign phone networks
Data leak
A major Keenetic router data leak could put a million households at risk
Code Skull
Interpol operation arrests 300 suspects linked to African cybercrime rings
Insecure network with several red platforms connected through glowing data lines and a black hat hacker symbol
Multiple routers hit by new critical severity remote command injection vulnerability, with no fix in sight
Code Skull
This dangerous new ransomware is hitting Windows, ARM, ESXi systems
An abstract image of a lock against a digital background, denoting cybersecurity.
Critical security flaw in Next.js could spell big trouble for JavaScript users
Latest in News
DeepSeek
Deepseek’s new AI is smarter, faster, cheaper, and a real rival to OpenAI's models
Open AI
OpenAI unveiled image generation for 4o – here's everything you need to know about the ChatGPT upgrade
Apple WWDC 2025 announced
Apple just announced WWDC 2025 starts on June 9, and we'll all be watching the opening event
Hornet swings their weapon in mid air
Hollow Knight: Silksong gets new Steam metadata changes, convincing everyone and their mother that the game is finally releasing this year
OpenAI logo
OpenAI just launched a free ChatGPT bible that will help you master the AI chatbot and Sora
An aerial view of an Instavolt Superhub for charging electric vehicles
Forget gas stations – EV charging Superhubs are using solar power to solve the most annoying thing about electric motoring
More about security
cybersecurity

Chinese government hackers allegedly spent years undetected in foreign phone networks
Data leak

A major Keenetic router data leak could put a million households at risk
Nimo N172 laptop

This obscure laptop brand sells a 64GB AMD Ryzen 9 laptop for just over $700 which is faster than the Apple's M4 CPU
See more latest
Most Popular
Nimo N172 laptop
This obscure laptop brand sells a 64GB AMD Ryzen 9 laptop for just over $700 which is faster than the Apple's M4 CPU
DeepSeek
Deepseek’s new AI is smarter, faster, cheaper, and a real rival to OpenAI's models
Student with headphones around her neck using a phone while sitting in a cafe in front of a laptop
One of the richest men in the world castigates the billions of dollars spent on buying laptops for US classrooms with no apparent improvements
An aerial view of an Instavolt Superhub for charging electric vehicles
Forget gas stations – EV charging Superhubs are using solar power to solve the most annoying thing about electric motoring
Tesla Model Y 2025
Tesla’s EU sales are in freefall as VW races ahead, but the Model Y could change all that
Asus NUC 15 Pro+
Asus unveils its most powerful mini PC to date — but I don't think the Intel-powered NUC 15 Pro+ will compete with Strix Halo models
HDD
Seagate teams with Nvidia to build an NVMe hard drive proof of concept, more than 3 years after its last effort
Open AI
OpenAI unveiled image generation for 4o – here's everything you need to know about the ChatGPT upgrade
NetSuite EVP Evan Goldberg at SuiteConnect London 2025
"It's our job to deliver constant innovation” - NetSuite head on why it wants to be the operating system for your whole business
Apple WWDC 2025 announced
Apple just announced WWDC 2025 starts on June 9, and we'll all be watching the opening event