Old security vulnerability haunting many an AV product...

L.S.,

A symlink race vulnerability takes place when you link a malicious and a legitimate file together, and end up executing malicious actions on the legitimate file. Symlink race vulnerabilities are often used to link malicious files to higher-privilege items, resulting in Elevation-of-Privilege (EoP) attacks.

Re: https://www.newsbytesapp.com/timeline/Science/60350/282163/security-flaws-detected-in-popular-antivirus-apps
Re: https://www.zdnet.com/article/symlink-race-bugs-discovered-in-28-antivirus-products/

Any idea as to how to protect against such race-condition EoP attacks?

polonus (volunteer 3rd party cold reconnaissance website security analyst and website error-hunter)
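
One common defensive pattern on POSIX systems for the question above, shown as an added example that is not part of the original post or any vendor's code: open the file with `O_NOFOLLOW` relative to a trusted directory handle, then validate the descriptor with `fstat` instead of re-checking the path. The function names, file names and temporary directory are constructed for illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Open `name` relative to the trusted directory handle `dirfd` without ever
 * following a symlink in the final path component. Returns an fd or -1. */
int open_regular_nofollow(int dirfd, const char *name)
{
    struct stat st;
    /* O_NOFOLLOW: the kernel refuses a symlink at open time (ELOOP on Linux),
     * so no gap exists between check and use. O_NONBLOCK: never hang on a FIFO. */
    int fd = openat(dirfd, name, O_RDONLY | O_NOFOLLOW | O_NONBLOCK | O_CLOEXEC);
    if (fd < 0)
        return -1;
    /* Validate the object actually held, via the descriptor, not the name. */
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode)) {
        close(fd);
        errno = EINVAL;
        return -1;
    }
    return fd;
}

/* Constructed self-check: returns 1 if a regular file is accepted and a
 * symlink pointing at it is rejected with ELOOP, 0 otherwise. */
int demo_symlink_rejected(void)
{
    char dir[] = "/tmp/symrace-demo-XXXXXX";   /* constructed sample directory */
    if (!mkdtemp(dir))
        return 0;
    int dfd = open(dir, O_RDONLY | O_DIRECTORY | O_CLOEXEC);
    int ffd = openat(dfd, "sample.txt", O_CREAT | O_WRONLY | O_EXCL, 0600);
    int ok = dfd >= 0 && ffd >= 0 && symlinkat("sample.txt", dfd, "link") == 0;
    if (ffd >= 0) close(ffd);
    int good = open_regular_nofollow(dfd, "sample.txt");
    errno = 0;
    int bad = open_regular_nofollow(dfd, "link");
    ok = ok && good >= 0 && bad < 0 && errno == ELOOP;
    if (good >= 0) close(good);
    if (bad >= 0) close(bad);
    unlinkat(dfd, "link", 0);
    unlinkat(dfd, "sample.txt", 0);
    if (dfd >= 0) close(dfd);
    rmdir(dir);
    return ok;
}
```

`O_NOFOLLOW` only guards the last path component, which is why the directory is opened once and every later operation goes through that handle rather than a re-resolved path string.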

Details: https://forum.avast.com/index.php?topic=66267.msg1544279#msg1544279

I’ve already addressed this with Avast but haven’t received any replies.

Hi bob3160,

There are certainly ways open to mitigate this, for instance with JavaScript code:
https://medium.com/@slavik57/async-race-conditions-in-javascript-526f6ed80665
& https://stackoverflow.com/questions/338110/avoiding-a-javascript-race-condition

Here we see these problems existed over quite some time:
https://www.win.tue.nl/~aeb/linux/hh/hh-9.html

polonus

I’ve reached out to Avast support as well and still have no answer as to whether Avast products have been secured. What is going on?

Here is Avast’s reply. https://forum.avast.com/index.php?topic=233871.msg1545064#msg1545064