Now Reading
ESET fixes critical security vulnerability in its products, which were reported by Google’s Project Zero

ESET fixes critical security vulnerability in its products, which were reported by Google’s Project Zero

by AshwinJune 24, 2015

Antivirus vendor, ESET, has announced that it has fixed a critical security vulnerability reported by Google’s Project Zero.


The Mountain View company’s team, reported the vulnerability to the security firm yesterday, but ESET had already fixed it a day before.

The exploit was discovered by Google Engineer, Tavis Ormandy of the Google Project Zero team. The exploit found in ESET was a serious one, in its scanning engine’s emulation process. This reportedly compromised a system’s security. An attacker could remotely execute a malicious code in the emulated environment, to take control of the system, without the user being aware of the attack.

The bad news is, this exploit was found to be present in all of ESET’s products across all platforms, namely the following ones.

  • ESET Smart Security for Windows
  • ESET NOD32 Antivirus for Windows
  • ESET Cyber Security Pro for OS X
  • ESET NOD32 For Linux Desktop
  • ESET Endpoint Security for Windows and OS X
  • ESET NOD32 Business Edition

Even the default security configuration was found to be vulnerable.

The good news is, that the vulnerability has been patched by ESET, and this has been acknowledged by the Google Project Zero Team. Also, ESET says that this vulnerability was not present in ESET’s pre-release engine.

If you are running ESET Smart Security 9, you can switch from Regular Updates to Pre-Release Updates by the following method:

1. Open the ESET GUI.

2. Press F5 to open the “Advanced Settings”.

3. Now click on “Update” in the left pane, and click on “Basic”, under “My Profile”.

4. Click on “Update Mode” to expand the options, and select “Pre-release Update”, and click the OK button.

5. An elevated prompt from UAC should open, accept it to save the changes.

Note: This will download a new Virus Database package.

ESET fixes the vulneralibility:

ESET released an update signature (11824) on June 22nd, which updated the scanning engine. This update has patched the loophole reported by Google.

Hover your mouse cursor over the ESET icon in the system tray, it will display a small pop-up. The second line of the pop-up message displays the “Virus Signature Database”, next to which you will find the signature number. If your computer is connected to the internet, ESET’s database should automatically be updated, and will display a signature number more recent than 11824.


My ESET Smart Security shows that it currently has the latest database available 11837P (at the time of writing this article)

What was the purpose of Google’s discovery?

The company states that a lot of security products make use of emulation features to allow unpackers to run before a signature update is applied. Google’s report says this is not a theoretical risk, and it also links to a page which says that antivirus programs are often targeted by advanced attackers.

If you are confused by the term “Signature Updates”,  this should help you understand better:

Antivirus vendors release signature updates to their antivirus programs. These signature updates contain information, using which the antivirus product detects malwares and viruses.