A critical vulnerability has been identified in Avast Antivirus for macOS, assigned a CVSS score of 9. An attacker can exploit this flaw by tricking a user into downloading a specially crafted malicious file, which, when scanned by the antivirus, could cause the security software to crash or allow the attacker to execute arbitrary code and take control of the system. This presents a significant risk of system compromise or a complete loss of antivirus protection on affected endpoints.

The vulnerability is a combination of a Heap-based Buffer Overflow and an Out-of-bounds Read within the antivirus scanning engine. An attacker can craft a malicious file that, when parsed by the Avast engine, triggers a memory corruption error. Exploitation occurs when a user on an affected system downloads or receives this file, prompting an automatic or manual scan. A successful exploit could lead to two outcomes: a Denial-of-Service (DoS) by crashing the antivirus engine process, leaving the system unprotected, or more severely, remote code execution with the elevated privileges of the antivirus process, granting the attacker significant control over the macOS system.

This vulnerability is rated as critical severity with a CVSS score of 9, posing a substantial risk to the organization. Successful exploitation for code execution could lead to a full system compromise, enabling attackers to steal sensitive data, install ransomware, or use the compromised machine as a pivot point to attack the wider network. A denial-of-service attack against the antivirus engine would effectively disable a key security control, rendering endpoints blind to other malware and threats. This not only increases the risk of a secondary infection but also undermines the organization's overall security posture and could lead to compliance violations.

Immediate Action: Update Avast Antivirus on all affected macOS endpoints to version 8.3.70.98 or a later, patched version as recommended by the vendor. After patching, verify that the update was successfully installed across all relevant assets.

Proactive Monitoring: Security teams should actively monitor for signs of exploitation. This includes monitoring for unexpected crashes of the Avast Antivirus engine process on macOS systems. Additionally, monitor for any unusual child processes spawning from the antivirus engine, as this is a strong indicator of successful code execution. Reviewing file access logs for recently downloaded or created files that may have triggered the vulnerability can aid in forensic investigations.

Compensating Controls: If immediate patching is not feasible, implement compensating controls to reduce the attack surface. Enhance email and web gateway security to block or quarantine potentially malformed or suspicious files before they reach the endpoint. Implement Application Control or whitelisting policies to prevent the execution of unauthorized code, which could thwart an attacker's payload even if the vulnerability is exploited. Reinforce user security awareness training, cautioning against downloading files from untrusted sources.

Public Exploit Available: False

This is a critical vulnerability that allows for local code execution and a complete bypass of a core security control. Although this CVE is not currently listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, its high severity score demands immediate attention. We strongly recommend that organizations prioritize the deployment of the vendor-supplied patches to all affected macOS systems to mitigate the significant risk of system compromise and data loss.