Avast's AntiTrack promised to protect your privacy. Instead, it opened you to miscreant-in-the-middle snooping

2020-03-10 00:43

You'd think HTTPS certificate checking would be a cinch for a computer security toolkit - but no so for Avast's AntiTrack privacy tool.

The flaws affect both the Avast and AVG versions of AntiTrack, and punters are advised to update their software as a fix for both tools has been released.

The second issue is due to AntiTrack forcibly downgrading browsers to TLS 1.0, and the third is due to the anti-tracking tool not honoring forward secrecy.

Avast has acknowledged the bug both in its own-branded AntiTrack and in the AVG version.

"Thanks to David reporting these issues to us, the issues have been fixed, through an update pushed to all AntiTrack users," Avast said.

News URL

https://go.theregister.co.uk/feed/www.theregister.co.uk/2020/03/10/avast_mitm_antitrack_bug/

#avast #privacy