Google Zero claims to have discovered a major flaw in the MalwareBytes antivirus. Google Zero has unveiled detailed information related to these vulnerabilities. In fact, the 90-day period has passed without that Malwarebytes was able to make any changes. The case still worrying for Malwarebytes users.
Google Zero discover a flaw in Malwarebytes
Security failures were discovered by researcher Tavais Ormandy, part of the team of Google Zero Project. He identified the security vulnerabilities in several antivirus programs. MalwareBytes is part of these programs. Indeed, 90 days after the first report to the publisher of the software, the team of Google Zero reveals details of vulnerabilities discovered by researchers. For Malwarebytes, the period of time was not enough (90 days). This is because Google Zero today published a blog post detailing the vulnerabilities already identified in November 2015 as in antivirus software. Tavis Ormandy exposed in his blog post, information about several vulnerabilities. Therefore, updates to MalwareBytes are not digitally signed. According to Tavis Ormandy, research suggests that an attacker could use some of the process to insert their own code on a targeted machine. This leads, of course, a significant risk of insecurity. Everyone is now aware of the magnitude of the problem and may be tempted to use Malwarebytes.
Actions will be taken by Malwarebytes
Ormandy, working for Malwarebytes responded in a blog post. He expressed his regrets for not having been able to correct in time these faults detected by the Google team. However, it promises a solution. A corrective patch to version 2.2.1 of the software, which will be published only in 3 or 4 weeks later (from the second week of April 2016). This delay is nevertheless quite worrying. For its part, Marcin Kleczynski reassured that against-measures are possible for users of Malwarebytes Premium. However, users of the free version will have to wait more to get the software fix.