Users of Avast don’t need to take any special action in response to this vulnerability because the company disabled the feature globally. Common phishing and security awareness tips such as not opening or running attachments from unknown senders can go a long way toward preventing attacks against vulnerabilities like this one. Due to the nature of how antivirus applications operate, there are often portions of the software that are designed to run with higher-level privileges which could allow an attacker administrative rights if successfully exploited. Binary Defense highly encourages anyone making use of antivirus products to allow it to continue updating automatically not only to receive the latest antivirus definitions but because of critical security updates such as this one. Sources: https://twitter.com/avast_antivirus/status/1237685343580753925 https://www.zdnet.com/google-amp/article/avast-disables-javascript-engine-in-its-antivirus-following-major-bug/