CVE-2025-10101
Avast · Avast Antivirus on Multiple Products
A high-severity vulnerability has been identified in Avast Antivirus on macOS systems.
Executive summary
A high-severity vulnerability (CVSS 8.1) has been identified in Avast Antivirus on macOS systems. An attacker with local access to a machine can exploit the flaw by getting a specially crafted file scanned by the antivirus engine, which can lead to code execution inside the antivirus service or crash the service and disable its protection, leaving the system exposed to further threats.
Vulnerability
The vulnerability is a heap-based buffer overflow, i.e. an out-of-bounds write, in the Avast Antivirus scanning engine on macOS. When the engine parses a specially crafted Mach-O executable file, it fails to properly validate the size of certain data structures read from the file against the buffers it has allocated for them. An attacker can therefore craft a Mach-O file whose declared sizes cause the engine to write past the end of a heap allocation, corrupting adjacent program data or function pointers. Exploitation requires a local attacker to place the malicious file on the system and have the engine scan it; the file only needs to be parsed by the engine, not executed by a user. The outcome is either arbitrary code execution with the privileges of the antivirus service or a crash of the service, which amounts to a denial of service of the security protection.
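As an added illustration of the bug class described above, and not Avast's code (which is not public), the following C program walks the Mach-O load-command table in the vulnerable shape the advisory describes, sizing a heap buffer from one header field and copying with another, beside a hardened walker that checks every size against its enclosing bounds. The function names and the two constructed sample files are hypothetical; the header and load_command layouts are the ones from Apple's <mach-o/loader.h>.

```c
/* Hypothetical Mach-O load-command walker: vulnerable and hardened forms.
 * Illustrative example only, not code from Avast or any other vendor. */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define MH_MAGIC_64 0xfeedfacfu

struct mach_header_64 {            /* 32-byte header, layout per <mach-o/loader.h> */
    uint32_t magic, cputype, cpusubtype, filetype;
    uint32_t ncmds, sizeofcmds, flags, reserved;
};
struct load_command { uint32_t cmd, cmdsize; };   /* every command starts with this */

/* VULNERABLE: sizes read from the file are trusted. The heap buffer is sized
 * from sizeofcmds, but each memcpy uses the command's own cmdsize, so a single
 * command that claims more bytes than the table holds writes past the
 * allocation (heap overflow / out-of-bounds write). The file length is never
 * consulted, so the reads run off the end of the file as well. */
size_t vuln_collect_commands(const uint8_t *file, size_t len, uint8_t **out)
{
    const struct mach_header_64 *h = (const struct mach_header_64 *)file;
    uint8_t *buf = malloc(h->sizeofcmds);          /* attacker-chosen size */
    size_t off = sizeof *h, pos = 0;
    (void)len;                                     /* never checked */
    for (uint32_t i = 0; i < h->ncmds; i++) {
        const struct load_command *lc = (const struct load_command *)(file + off);
        memcpy(buf + pos, lc, lc->cmdsize);        /* no bound against sizeofcmds */
        pos += lc->cmdsize;
        off += lc->cmdsize;
    }
    *out = buf;
    return pos;
}

/* HARDENED: every offset and size is validated against the enclosing bound
 * before use, using subtraction rather than addition so the arithmetic cannot
 * wrap. Returns the number of load commands, or -1 if the file is inconsistent
 * (the file is rejected instead of parsed). Per-command body layouts are not
 * checked here; a real parser validates those too. */
int safe_count_commands(const uint8_t *file, size_t len)
{
    struct mach_header_64 h;
    if (len < sizeof h) return -1;                 /* header must fit in the file */
    memcpy(&h, file, sizeof h);
    if (h.magic != MH_MAGIC_64) return -1;
    if (h.sizeofcmds > len - sizeof h) return -1;  /* command table must fit in the file */
    if (h.ncmds > h.sizeofcmds / sizeof(struct load_command)) return -1; /* cheap upper bound */
    const uint8_t *cmds = file + sizeof h;
    uint32_t off = 0;
    for (uint32_t i = 0; i < h.ncmds; i++) {
        struct load_command lc;
        if (h.sizeofcmds - off < sizeof lc) return -1;            /* command header must fit */
        memcpy(&lc, cmds + off, sizeof lc);
        if (lc.cmdsize < sizeof lc || lc.cmdsize % 8 != 0) return -1; /* 64-bit cmds are 8-aligned */
        if (lc.cmdsize > h.sizeofcmds - off) return -1;           /* command body must fit in table */
        off += lc.cmdsize;
    }
    return (int)h.ncmds;
}

/* Constructed sample files (not real binaries). Benign: two 24-byte commands,
 * sizeofcmds 48, 80 bytes total. Malformed: one command that claims 4096 bytes
 * while sizeofcmds and the file hold only 24. Buffer must hold 80 bytes. */
static void put32(uint8_t *p, uint32_t v) { memcpy(p, &v, 4); }

size_t build_sample(uint8_t *buf, int malformed)
{
    memset(buf, 0, 80);
    put32(buf + 0, MH_MAGIC_64);
    put32(buf + 16, malformed ? 1 : 2);             /* ncmds */
    put32(buf + 20, malformed ? 24 : 48);           /* sizeofcmds */
    put32(buf + 32, 0x1b);                          /* cmd (LC_UUID, body ignored here) */
    put32(buf + 36, malformed ? 4096 : 24);         /* cmdsize */
    if (!malformed) { put32(buf + 56, 0x1b); put32(buf + 60, 24); }
    return 32 + (malformed ? 24 : 48);
}

int main(void)
{
    uint8_t f[80];
    uint8_t *out;
    size_t n = build_sample(f, 0);
    printf("benign:    safe=%d vuln_copied=%zu\n", safe_count_commands(f, n),
           vuln_collect_commands(f, n, &out));
    free(out);
    n = build_sample(f, 1);
    printf("malformed: safe=%d (vulnerable walker deliberately not run: it would overflow)\n",
           safe_count_commands(f, n));
    return 0;
}
```

The hardened walker is also the shape of a pre-scan sanity check: a file whose load-command table does not add up can be quarantined before any deeper parser touches it.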
Business impact
This vulnerability is rated High severity with a CVSS score of 8.1. Exploitation would undermine the core security posture of affected macOS endpoints. Code execution inside the antivirus service runs with that service's privileges, from which an attacker could install persistent malware, exfiltrate sensitive data, or pivot to other systems on the network. A crash of the service would disable the antivirus protection, leaving the system blind to and unprotected from other malware and increasing the risk of a more significant breach.
Remediation
Immediate Action: The primary remediation is to apply the security updates provided by the vendor across all affected macOS systems without delay. System administrators should prioritize the deployment of the patched Avast Antivirus versions to mitigate the risk of exploitation.
Proactive Monitoring: Security teams should actively monitor for signs of exploitation. This includes watching for unexpected crashes or restarts of the Avast Antivirus service in system logs and crash reports, since a failed exploitation attempt against a heap overflow typically shows up as a crash of the scanning process. Additionally, monitor for the creation of suspicious Mach-O files on endpoints and review endpoint detection and response (EDR) logs for any unusual process execution originating from the antivirus service itself.
Compensating Controls: If immediate patching is not feasible, organizations can reduce the attack surface, keeping in mind that the flaw is triggered when the engine parses the crafted file, not when the file is executed. Application whitelisting therefore does not prevent exploitation on its own; it limits what a successful exploit can launch afterwards. Focus on restricting the paths by which untrusted files reach endpoints (attachment filtering, download controls, removable-media policy), enforce the principle of least privilege, and enhance file integrity monitoring on critical systems to detect suspicious or unauthorized files that could be used to trigger this vulnerability.
Exploitation status
Public Exploit Available: false
Analyst recommendation
Given the high severity (CVSS 8.1) of this vulnerability and its potential to completely compromise endpoint security, immediate action is required. We strongly recommend that all organizations using Avast Antivirus on macOS prioritize the deployment of the vendor-supplied security patches. Although this vulnerability is not currently listed on the CISA KEV catalog, its potential for local privilege escalation and security bypass makes it an attractive target for attackers. Proactive patching is the most effective strategy to prevent potential exploitation.