David Eade

**Name of the Vulnerable Software and Affected Versions** Avast AntiTrack versions prior to 1.5.1.172 AVG Antitrack versions prior to 2.0.0.178 **Description** The issue allows a man-in-the-middle to host a malicious website using a self-signed certificate, as the software does not validate certificates for HTTPS sites. This can be exploited when the "Allow filtering of HTTPS traffic for tracking detection" option is enabled, which is the default configuration. No special action is required from the victim to be affected. **Recommendations** For Avast AntiTrack versions prior to 1.5.1.172, update to version 1.5.1.172 or later. For AVG Antitrack versions prior to 2.0.0.178, update to version 2.0.0.178 or later.