The “code hooking” technique exposes software products to malware exploitation.
Researchers have found six vulnerabilities in the “code hooking” technique which ventilate the software products to danger. Cybercriminals can leverage these flaws to bypass security mitigations and compromise targeted machines.
The hooking technique allows one application to tap into the process of another one. It is widely used, especially by security products which have to keep an eye on other apps for malicious activity.
A huge number of software apps download and use this technique which gives the cybercriminals an opportunity for exploitation, which is a serious problem according to enSilo security firm.
In the course of a research, the enSilo team noticed the sticky way in which antivirus engines hook into other applications and system APIs to monitor and scan for malicious activity.
Shortly after, the experts found out that other type of apps, including virtualization and performance monitoring software, are exposed to the same problem as well. They can also be leveraged by attackers to bypass security software and OS-level malware mitigation techniques.
These ten companies have already been notified and have started the patching process: McAfee, BitDefender, AVG, Symantec, Vera, Avast, Kaspersky, WebRoot, Citrix XenDesktop and Emsisoft.
Moreover, any application that uses the Microsoft Detours hooking engine is also affected. The list includes products from more the 100 independent software vendors as well as almost all Microsoft products like Office suite.
The patching process of all applications means a recompilation of all products alongside a distribution of the new versions. This is probably the reason why enSilo did not published the problem earlier.
Microsoft has stated it would update its apps and the Detours engine in its August Patch. Meanwhile, the issue is soon to be discussed at this year`s Black Hat security conference which will take place in LA at the beginning of August.
