Malwarebytes uses incorrect ACLs allowing trivial privilege escalation.Malwarebytes updates are not signed or downloaded over a secure channel.Time's up for Malwarebytes, so now miscreants can start to exploit the reported vulnerabilities: Project Zero gives vendors 90 days to fix their broken software before they go fully public. These latter vulnerabilities may take up to three weeks to fix and release, although Ormandy has already gone public with details of the holes. However, security holes remain in the client-side software that runs on people's Windows PCs. The antivirus firm says it has addressed server-side vulnerabilities that were reported by Google Project Zero researcher Tavis Ormandy in November. Malwarebytes is rushing to plug security flaws in its software that allow miscreants to sling malware at its customers.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |