Aramadito remote arbitrary file write in case of MiTM

Posted by thedeadcow on Jun 27

Armadito (https://github.com/armadito) is a cross-platform open-source
antivirus, that was originally the DAVFI project, financed through a french
government program.

As a security product supposed to protect computers against malware, its
update system fails at multiple points:
* the public key used to check update packages is retrieved using plain HTTP.
The same goes for the packages themselves.
* if Armadito can’t download this…

Leave a Reply