
VirusTotal Vulnerability provided root access to scanner VMs

The VirusTotal platform has long been considered a standard tool in the security world. It is therefore quite embarrassing for Google, as its operator, that the service could be abused through a vulnerability. The main reason was the kind of carelessness that security researchers keep warning about: ExifTool, a tool for reading metadata from image files, is used as part of the service.

However, the installed version was outdated, and VirusTotal’s operators simply had not yet applied the patches that were available. Specifically, the issue is a bug in how data from DjVu files is evaluated. The patch that fixes this problem is not particularly fresh either: it was made available on April 13, 2021, more than a year ago. The unpatched bug made it possible to smuggle code onto the VirusTotal server and have it executed there remotely.

Exploit immediately available

According to all the information available so far, Google is actually lucky that no criminals noticed this negligence. Instead, the vulnerability was found by security researchers from the company Cysource, who reported the issue to Google.

The bug has now been fixed. The security researchers were able to access a whole series of virtual machines on which VirusTotal runs various virus scanners. Access to the virtualized systems was possible with root privileges. Since the exploit code for the vulnerability is fairly easy to find on the Internet, things could have been worse if malicious attackers had stumbled upon the vulnerability.