The Nigerian Communications Commission has advised Nigerians consumers to set antivirus on their devices on automatic update as one of the three measures to protect them from cyber attacks.
The regulator said enabling automatic update features for AVAST and AVG antiviruses will prevent potential cyber vulnerabilities.
The NCC said this based on new advisory released by the its Computer Security Incident Response Team (CSIRT).
The CSIRT said that “cyber vulnerability in AVAST and AVG Antiviruses can lead to attacks on millions of devices with high impact in terms of consequences to the ICT user.”
It explained that the threat types as a result of this vulnerability are Bypass Authentication, Remote Code Execution and Unauthorised Access.
The consequences of the vulnerability range from Privilege Escalation, Bypass Security Products, Overwrite System Components and corrupting the Operating System.
The commission quoted the security unit as saying researchers at SentinelOne security firm have discovered two potentially damaging vulnerabilities in AVAST and AVG antivirus products that allow attackers to escalate privileges enabling them to disable security products, overwrite system components, corrupt the operating system, or perform malicious operations unimpeded.
The CSIRT said, “Two vulnerabilities identified as CVE-2022-26522 and CVE-2022-26523 targeted the “Anti Rootkit” driver of Avast antivirus (also used by AVG) allowing an attacker with limited privileges on the targeted system to execute code in system mode (kernel mode) and take complete control of the device. Moreover, the vulnerabilities allow complete take-over of a device, even without privileges, due to the ability to execute code in kernel mode,” the CSIRT said in the advisory.
On measures to keep consumer’s devices safe, the cybersecurity centre suggested a tripartite measure that should be taken by Internet/ICT users to prevent being vulnerable to the cyber threats.
The measures include, “enabling automatic update feature for AVAST and AVG antiviruses, upgrading AVAST and AVG antiviruses to version 22.1.2504, as well as carrying out regular patch management.”