Six vulnerabilities in the way some software vendors utilize the "code hooking" technique expose their products to exploitation by malware, which can leverage these flaws to bypass security mitigations and compromise targeted devices.
Hooking is a coding technique that allows an application to tap into the process of another application. Many types of desktop applications enable and use this technique, especially security products that need to monitor other applications for malicious activity.
Security firm enSilo discovered a problem with how a large number of software applications utilize the hooking technique, which leaves the door open for exploitation by malicious actors.
Vulnerabilities identified in 2015
Their research stems from a previous investigation which identified problems in how AVG, McAfee, and Kaspersky handle the computer's memory space.
It was during that investigation that enSilo's team noticed the problematic way in which antivirus engines hook into other applications and system APIs to monitor and scan for malicious activity.
Later on, they discovered that other kinds of applications, such as virtualization and performance monitoring software, are vulnerable to the same issue, which can be leveraged by malware in attacks meant to bypass security software and OS-level malware mitigation techniques.