Application Installers Should Be Checked for Vulnerabilities

Vulnerability Blog Shield

Application security vulnerabilities are among the most common causes for security issues. Defects in the software can become entry points for hackers and can be exploited to gain access to IT systems.

Recovering from such an attack is not cheap, or easy.

As software gets more and more sophisticated and complex, the number of application vulnerabilities is constantly increasing. This makes it ever more necessary to have complete visibility of any applications installed on an endpoint, and the vulnerabilities present in those applications.

Application Installer Vulnerabilities

Attackers are also taking advantage of security holes in application installers. Attackers may be able to execute arbitrary code and conduct DLL hijacking attacks, gain privileges, and obtain a user's personally identifiable information through exploiting vulnerabilities in the installation process.

In 2014, as Palo Alto Networks reported, half of Android users were exposed to attacks via installation vulnerabilities. When a user installed an application, hackers leveraged vulnerabilities to control the data on the PackageInstallerActivity page and obtain permission to download and install malware.

Without checking an application for vulnerabilities before installing, you leave open such security holes for attackers.

Examples of Installer Vulnerabilities

The installer in some Microsoft Windows editions mishandles library loading, which allows local users to gain privileges via a crafted application, known as "Windows Installer Elevation of Privilege Vulnerability" (CVE-2016-7292).

The installer in VMware Workstation Pro 12.x and VMware Workstation Player 12.x (both before 12.5.0) on Windows allows local users to gain privileges via a Trojan horse in a directory (CVE-2016-7085, CVE-2016-7086).

As reported in CVE-2016-6322, Red Hat QuickStart Cloud Installer (QCI) uses world-readable permissions for /etc/qci/answers, which allows local users to obtain the root password for the deployed system by reading the file.

The above vulnerabilities are well-known and patches have been issued for them, but it's impossible to know if such a patch is necessary prior to installation without scanning the installers for vulnerabilities.

Detecting the vulnerabilities in an application before it's installed is challenging for a number of reasons — for example, vendors often bundle their products with open source applications and libraries, complicating the customers' chance of knowing which products are in fact present on their systems.

Therefore, it's necessary to check vulnerabilities within an installer before installing an application.

Gaining Visibility of Vulnerabilities

Vulnerability Blog Image

OPSWAT's Vulnerability Engine provides a very quick vulnerability assessment by correlating community sources with our OESIS endpoint data supporting hundreds of applications including both Microsoft and non-Microsoft applications such as Java, Adobe, browsers, and other commonly known vulnerable software that are top targets for attacks.

OPSWAT's Vulnerability Engine is able to identify known vulnerabilities of an installer and report them by severity level, allowing you to apply necessary patches and protect your endpoint or network.

Learn more about the OPSWAT Vulnerability Engine here.

Sign up for Blog updates

Get information and insight from the leaders in advanced threat prevention.