F-Secure Patches Old AV Bypass Vulnerability

From securityweek.com

A vulnerability addressed by F-Secure in some of its business products could have been exploited to bypass their scanning engine using malformed archives.

The patched issue is actually over a decade old — it was initially detailed in 2009 by security researcher Thierry Zoller — and resides in an anti-virus application’s inability to scan a compressed archive that a user can access.

There are multiple archive formats (ISO, ZIP, Bz2, RAR, GZIP, and others) that an attacker could use to avoid detection by affected cybersecurity products.

According to Zoller, email gateways and antivirus infrastructure are impacted the most, given that they cannot decompress the malformed archive to inspect its content. Users could still detect any malicious code upon extraction, but some security services could nonetheless be rendered useless, the researcher argues.
