Bitdefender update patches Safepay error handling bug

by Don Sharpe
  • Bitdefender’s Safepay had a bug that malicious actors could have exploited in RCE attacks.
  • Bitdefender issued an update that patches the browser vulnerability.

Bitdefender is one of the most popular antivirus solutions for protecting against different types of cyber threats, including data theft, ransomware, and distributed denial of service (DDoS) attacks.

But it has security flaws of its own, as cybersecurity researcher Wladimir Palant recently revealed.

Notably, Bitdefender’s Safepay had a bug that malicious actors could have exploited in remote code execution (RCE) attacks.

Bitdefender fixes Safepay bug

Palant brought the Safepay issue to the attention of Bitdefender, which swiftly released an update with a security fix.

Safepay is a browser security component that should protect your online transactions, including banking and e-shopping. Its objective is to put your browser activity in a sealed environment, making the theft of your personal information difficult.

It is ironic, then, that the same antivirus component meant to protect your browser could have been breached by cybercriminals.

Bitdefender has since released an advisory on the Safepay bug it patched:

Improper Input Validation vulnerability in the Safepay browser component of Bitdefender Total Security 2020 allows an external, specially crafted web page to run remote commands inside the Safepay Utility process. This issue affects Bitdefender Total Security 2020 versions prior to

The HTTPS error handling issue in Safepay

The CVE-2020-8102 flaw in Safepay relates to the way Bitdefender handles HTTPS connections.

According to Palant, the antivirus tool handles HTTPS certificate errors itself instead of leaving that task to the browser. So, when it encounters a suspicious security certificate, it offers the user the option of exiting to safety or proceeding to open the web page in question.

But the URL in the browser’s address bar remains the same, which appears to be the root cause of the RCE vulnerability.

For example, a hacker could load a malicious page in Safepay by first presenting a valid certificate on the initial request and then switching to an invalid one from the same server. The vulnerable browser won’t stop the suspicious page behavior.

Thankfully, Palant’s exploit is only a proof of concept (PoC), and there is no evidence that bad actors actually tried to exploit the RCE bug in Safepay.
