- BitDefender’s Safepay had a bug that malicious actors could have exploited in RCE attacks.
- BitDefender issued an update that patches the browser vulnerability.
- Feel free to visit the BitDefender page to learn more about downloading and securing your Windows 10 PC with the antivirus tool.
- For tips and guides to optimizing your PC security, check out the Security & Privacy page.
The Bitdefender is one of the most popular antivirus solutions for resolving different types of cyber threats, including data theft, ransomware, and distributed denial of service (DDoS) attacks.
But it’s got its own inherent security flaws as cybersecurity researcher Wladimir Palant revealed recently.
Notably, Bitdefender’s Safepay had a bug that malicious actors could have exploited in remote code execution (RCE) attacks.
Bitdefender fixes Safepay bug
Palant brought the Safepay issue to the attention of Bitdefender, which swiftly released an update with a security fix.
Safepay is a browser security component that should protect your online transactions, including banking and e-shopping. Its objective is to put your browser activity in a sealed environment, making the theft of your personal information difficult.
It is ironic, then, that the same antivirus component meant to protect your browser could have been breached by cybercriminals.
Bitdefender has since released an advisory on the Safepay bug it patched:
Improper Input Validation vulnerability in the Safepay browser component of Bitdefender Total Security 2020 allows an external, specially crafted web page to run remote commands inside the Safepay Utility process. This issue affects Bitdefender Total Security 2020 versions prior to 18.104.22.168.
The HTTPS error handling issue in Safepay
The CVE-2020-8102 flaw in Safepay has something to do with the way Bitdefender handles HTTP connections.
According to Palant, the antivirus tool handles HTTP error certificates instead of leaving that task to the browser. So, when the solution encounters a suspicious security certificate, it offers the user the option of exiting to safety or proceeding to open the web page in question.
But the URL in the browser’s address bar remains the same, which appears to be the root cause of the RCE vulnerability.
For example, a hacker could load a malicious page in the Safepay by first presenting a valid certificate on initial request before changing to an invalid one from the same server. The vulnerable browser won’t stop the suspicious page behavior.
Thankfully, Palant’s is only a proof of concept (PoC), which is no evidence that some bad actors actually tried to exploit the RCE bug in Safepay.
As always, you’re welcome to leave any suggestions or questions in the comments section below.