Security News > 2020 > March > Avast pulls plug on insecure JavaScript engine in its security software suite
2020-03-13 02:16
Avast has disabled a component in its Windows anti-malware suite that posed, ironically enough, a significant security risk.
The software maker switched off the JavaScript interpreter in its toolkit after Google Project Zero's Tavis Ormandy, and his colleagues, alerted the developer to design flaws in the code.
Five days later, the Googler released a shell for poking around in Avast's JavaScript engine for anyone interested in assessing the antivirus suite.
Wow - Avast decided to disable their JavaScript interpreter globally!
Praise from the security community has been hard for Avast to come by lately.
News URL
https://go.theregister.co.uk/feed/www.theregister.co.uk/2020/03/13/avast_javascript_security/