Monthly Archives: June 2015

Avira

We Focus on Customers, Others Play Dirty Tricks

Our blogpost from a few days ago, NSA and GCHQ Have Been Spying on Antivirus Companies, contained our response to recent revelations that the NSA and GCHQ had been targeting antivirus vendors located outside the US and UK. The original story was published by The Intercept, and contained an image from a PowerPoint presentation listing all the potential targets which included Avira, AVAST, and AVG, among others.

We then issued our blog post indicating that our role as a security company is to keep intruders out – even if they might be governments. So far, so good.

Yesterday though, it was brought to our attention that a German website had published an article telling readers that Avira has been attacked by the NSA and that they should instead download AVAST, AVG, or G-Data, because they are more secure. This in itself is not an uncommon tactic and definitely no reason to go ahead and write a blog post – if it would have ended here. Which it didn’t:  both AVAST and AVG have been removed from the list of targets (we’re not sure why, but perhaps to give the article more gravitas …)

Can you spot the difference?

Spot the difference - AVAST and AVG missing

Original from The Intercept (left) / Falsified image from freeware.de (right)

As you can see in the version reported by freeware.de, only Avira has been carefully encircled, while both AVG and AVAST have been removed.

Who is behind this? We are not sure, but we want our customers to be aware that this information presented is false.

The post We Focus on Customers, Others Play Dirty Tricks appeared first on Avira Blog.

NVD

CVE-2015-1266 (chrome)

content/browser/webui/content_web_ui_controller_factory.cc in Google Chrome before 43.0.2357.130 does not properly consider the scheme in determining whether a URL is associated with a WebUI SiteInstance, which allows remote attackers to bypass intended access restrictions via a similar URL, as demonstrated by use of http://gpu when there is a WebUI class for handling chrome://gpu requests.

NVD

CVE-2015-1267 (chrome)

Blink, as used in Google Chrome before 43.0.2357.130, does not properly restrict the creation context during creation of a DOM wrapper, which allows remote attackers to bypass the Same Origin Policy via crafted JavaScript code that uses a Blink public API, related to WebArrayBufferConverter.cpp, WebBlob.cpp, WebDOMError.cpp, and WebDOMFileSystem.cpp.

NVD

CVE-2015-1269 (chrome)

The DecodeHSTSPreloadRaw function in net/http/transport_security_state.cc in Google Chrome before 43.0.2357.130 does not properly canonicalize DNS hostnames before making comparisons to HSTS or HPKP preload entries, which allows remote attackers to bypass intended access restrictions via a string that (1) ends in a . (dot) character or (2) is not entirely lowercase.

NVD

CVE-2015-1268 (chrome)

bindings/scripts/v8_types.py in Blink, as used in Google Chrome before 43.0.2357.130, does not properly select a creation context for a return value’s DOM wrapper, which allows remote attackers to bypass the Same Origin Policy via crafted JavaScript code, as demonstrated by use of a data: URL.