Security software vendor Malwarebytes has humbly admitted to security flaws in its own consumer anti-malware offering and is urging customers to take extra precautions. Here's what the company had to say.
Malwarebytes was alerted by Tavis Ormandy, a respected security researcher at Google, to vulnerabilities in the consumer version of Malwarebytes Anti-Malware. Yes, that is the same Tavis Ormandy who tore Trend Micro a new one last month. Malwarebytes fixed some of the bugs server-side within days, but it is still testing patches for the client-side vulnerabilities, which will be released in the next few weeks.
While it appears the security flaws are not too severe, Malwarebytes is still warning customers to take extra precautions. Users on the Premium version of Malwarebytes Anti-Malware should enable self-protection under 'settings' to mitigate all the vulnerabilities in question.
Malwarebytes founder and CEO Marcin Kleczynski added:
Unfortunately, vulnerabilities are the harsh reality of software development. In fact, this year alone, our researchers have found and reported several vulnerabilities with other software. A vulnerability disclosure program is one way to accelerate the discovery of these vulnerabilities and empower companies like Malwarebytes to fix them.
The company has used this experience to create new processes and methodologies to better assess weaknesses in its products.
[Via Malwarebytes blog]