A security vulnerability has been discovered and patched in the Malwarebytes antivirus for Windows, as COSIG (Centre Opérationnel de Sécurité Informatique Gouvernemental) is reporting.
The discovery was made by Francis Provencher, a member of the COSIG research & pentesting team based in Quebec, Canada.
According to Mr. Provencher, the vulnerability is triggered "when a malformed executable with an invalid integer (-1) in the 'SizeOfRawData' in UPX section is parsed by [the] Malwarebytes [antivirus]."
This leads to a memory corruption on the user's computer, which in turn exposes the system to situations where arbitrary code can be executed by an attacker leveraging this issue.
A memory corruption occurs when the content of a memory location is unintentionally modified by programming errors, or in this case, by malicious code.
Mr. Provencher and COSIG reported the issue to Malwarebytes Corporation, the company behind Malwarebytes Anti-Malware (MBAM), the antivirus solution where the vulnerability was discovered.
Malwarebytes, a company that has entered the antivirus market in 2008 and has gained quite a reputation in the meantime, responded to the finding and issued a security patch for its product in no more than two days.
Proof of concept code is available on GitHub and via the Protek Research Lab website.
"A vulnerability in Malwarebytes Anti-Malware 2.2.0 was reported to us by an independent researcher," a Malwarebytes spokesperson told Softpedia. "A fix was released two days after it was reported to us and we have seen no evidence it has ever been used in the wild. We work closely with external researchers, and are grateful for the opportunity to improve our products."
Hi:
I'm not qualified to address the veracity of the claims made in the article.
I'll defer to others with more security expertise.I will, however, say that I am immediately skeptical of its accuracy, given the fact that that Malwarebytes Anti-Malware (MBAM)is not, was not and never has been an "antivirus for Windows".A security vulnerability has been discovered and patched in the Malwarebytes antivirusfor Windows,
It is a specialized anti-malware application designed to run alongside an antivirus.
This article explains in more detail: Does Malwarebytes Anti-Malware replace antivirus software?
Cheers,
MM
Semantics.
Malwarebytes admits the vulnerability in the last paragraph. Point is Malwarebytes, like all security software, is not perfect.
True.
I hope the researchers are better at their security job than they are at nomenclature.
Thankfully, the vulnerability was fixed several days ago.
Cheers,
MM
