Researcher David Eade reports AntiTrack bug to Avast
Thanks to David’s bug bounty submission, Avast fixed a certificate validation flaw in Avast and AVG versions of AntiTrack
Big thanks to David Eade for reporting security issues affecting Avast and AVG AntiTrack. Following David’s submission, we fixed the issues in versions 1.5.1.172 of Avast AntiTrack and version 2.0.0.178 of AVG AntiTrack.
David discovered security issues affecting AntiTrack users in regards to how HTTPS filtering occurred. With this feature enabled, certain browsers could successfully connect using TLS 1.0, even if TLS 1.0 had been explicitly disabled in the browser. Cipher suites were not honored entirely and forward secrecy did not work correctly for all supported browsers. David also found that AntiTrack did not effectively block self-signed certificates for unsecure sites.
Thanks to David reporting these issues to us, the issues have been fixed, through an update pushed to all AntiTrack users.
