Overview
A critical security vulnerability, identified as CVE-2025-8351, has been discovered in Avast Antivirus for MacOS. This vulnerability is a heap-based buffer overflow that could allow a local attacker to execute arbitrary code or cause a denial-of-service condition on the antivirus engine process. The vulnerability occurs when the software processes a malformed file. This issue affects Antivirus versions 8.3.70.94 and earlier, and has been patched in version 8.3.70.98.
Technical Details
CVE-2025-8351 is a heap-based buffer overflow vulnerability. This means that when Avast Antivirus scans a specially crafted (malformed) file, the software attempts to write data beyond the allocated memory buffer on the heap. This out-of-bounds write can overwrite critical data structures, leading to:
- Local Code Execution: An attacker with local access could craft a malicious file that, when scanned by Avast, overwrites memory with attacker-controlled code, allowing them to execute arbitrary commands on the system with the privileges of the Avast Antivirus engine.
- Denial-of-Service (DoS): Overwriting memory can also lead to a crash of the Avast Antivirus engine process, effectively disabling the antivirus protection and potentially making the system more vulnerable to other threats.
The vulnerability stems from improper bounds checking during file processing. The software fails to validate the size of the data being written to the heap buffer, allowing it to exceed the buffer’s boundaries.
CVSS Analysis
The Common Vulnerability Scoring System (CVSS) assigns CVE-2025-8351 a score of 9 (Critical). This high score reflects the severity of the vulnerability and the potential impact it can have on affected systems. A CVSS score of 9 indicates the following:
- Attack Vector: Local (Requires local access to exploit)
- Attack Complexity: Low (Relatively easy to exploit once a malformed file is introduced)
- Privileges Required: None (No privileges required to exploit)
- User Interaction: Required (User or system must initiate a scan of the malicious file)
- Scope: Changed (An exploited vulnerability can affect resources beyond the attacker’s authority)
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: High
Possible Impact
The exploitation of CVE-2025-8351 can have severe consequences:
- System Compromise: Attackers can gain control of the affected MacOS system through code execution.
- Data Theft: Successful exploitation can lead to unauthorized access to sensitive data stored on the system.
- Malware Installation: Attackers can install malware, including ransomware and keyloggers.
- Disrupted Antivirus Protection: A denial-of-service condition leaves the system unprotected.
Mitigation and Patch Steps
The recommended mitigation is to update Avast Antivirus for MacOS to version 8.3.70.98 or later. This version contains a patch that addresses the heap-based buffer overflow vulnerability.
- Automatic Updates: Ensure that automatic updates are enabled in Avast Antivirus settings. This will allow the software to automatically download and install the latest version.
- Manual Updates: If automatic updates are not enabled, manually check for updates by opening Avast Antivirus and selecting the “Update” option.
- Verification: After updating, verify that you are running version 8.3.70.98 or later by checking the “About” section within the Avast Antivirus application.
