The renown Kaspersky security solution has been reported to be flawed with how it runs remotely-hosted JavaScript file in the source code of every website a user visits in its processes of matching the site against the list of suspicious web addresses on its database.

Kaspersky Lab is a cybersecurity and antivirus provider headquartered in Russia, but operational as a multinational holding company, with extensive facilities in the United Kingdom.

The flaw marked as CVE-2019-8286 and credited to Ronald Eikenberg, an independent security researcher, stems from how the URL scanning module (Kaspersky URL Advisor) integrated into the antivirus program works. While the profiling is even active in private browsing mode (otherwise known as Incognito Mode in Chrome browser), with the flaw exposing a user by disclosing the UUID (Universally Unique Identifier) information associated with that user to every visited website.

The UUID can easily be traced to a particular individual and capturable by any website, or even third-party analytics services, since the file contains a string which is unique to the Kaspersky user.

Kaspersky, on the other hand, has acknowledged the flaw and issued a patch for it by assigning a general constant value mark (FD126C42-EBFA-4E12-B309-BB3FDD723AC1) for all Kaspersky users instead of the Universally Unique Identifier. But even with that, the Kaspersky URL Advisor still exposes users by allowing websites and third-party services to know if a visitor has the antivirus software installed on their system.

This particular issue has been classified as User Data disclosure, and could allow an attacker to prepare and deploy a more malicious script to track the perceived protected user with an implant on the web servers.

Though, users can disable this tracking altogether by manually disabling the URL Advisor on the software by going to Settings, click on Additional, then Network, and uncheck the traffic processing box.

How Kaspersky Antivirus URL Advisor flaw exposes users to advanced Web tracking



The renown Kaspersky security solution has been reported to be flawed with how it runs remotely-hosted JavaScript file in the source code of every website a user visits in its processes of matching the site against the list of suspicious web addresses on its database.

Kaspersky Lab is a cybersecurity and antivirus provider headquartered in Russia, but operational as a multinational holding company, with extensive facilities in the United Kingdom.

The flaw marked as CVE-2019-8286 and credited to Ronald Eikenberg, an independent security researcher, stems from how the URL scanning module (Kaspersky URL Advisor) integrated into the antivirus program works. While the profiling is even active in private browsing mode (otherwise known as Incognito Mode in Chrome browser), with the flaw exposing a user by disclosing the UUID (Universally Unique Identifier) information associated with that user to every visited website.

The UUID can easily be traced to a particular individual and capturable by any website, or even third-party analytics services, since the file contains a string which is unique to the Kaspersky user.

Kaspersky, on the other hand, has acknowledged the flaw and issued a patch for it by assigning a general constant value mark (FD126C42-EBFA-4E12-B309-BB3FDD723AC1) for all Kaspersky users instead of the Universally Unique Identifier. But even with that, the Kaspersky URL Advisor still exposes users by allowing websites and third-party services to know if a visitor has the antivirus software installed on their system.

This particular issue has been classified as User Data disclosure, and could allow an attacker to prepare and deploy a more malicious script to track the perceived protected user with an implant on the web servers.

Though, users can disable this tracking altogether by manually disabling the URL Advisor on the software by going to Settings, click on Additional, then Network, and uncheck the traffic processing box.

No comments