Geeks for your information Security Security Vendors Zemana
Update Logic Mishandle in Zemana AntiMalware 2.0: Fixed
Thread Rating:
  • 2 Vote(s) - 5 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Update Logic Mishandle in Zemana AntiMalware 2.0: Fixed
harlan4096 Offline
MalWare Zoo Team
*******
Posts: 12,797
Threads: 8,840
Thanks Received: 8,732 in 6,893 posts
Thanks Given: 9,634
Joined: 12 September 18
#1
Information  14 February 19, 12:28 (This post was last modified: 14 February 19, 19:41 by harlan4096.)
Quote:Yes, it is true we that there was a critical vulnerability discovered in ZAM 2.0 update integrity check. Some of you probably read about it in one of the threads on Malware Tips or other websites.

However, keep in mind that this vulnerability is not and never was present in our Zemana AntiMalware 3.0 Beta version.

In this blog post, we want to share with you the resolution to this concern. Yesterday, we fixed the issue and released a new update of ZAM 2.0, where we successfully fixed the update logic mishandle.

In the text below, you can find more information.

Update Integrity Check Vulnerability

A remote code execution vulnerability has been discovered related to update file integrity check. This vulnerability, caused by mishandling update logic, resulted in Zemana AntiMalware version 2.74.2.150 providing a weaker security than expected.

It allowed man-in-the-middle attackers to execute arbitrary code by spoofing the update server and uploading an executable. Due to this flaw, a remote attacker (only on the same network) could launch further attacks on the system by bypassing applications update file integrity check and executing any file with system rights.

This vulnerability has been assigned the CVE identifier CVE-2019-6440

ZAM 2.0 New Update

Some of you are probably still concerned or wondering if the vulnerability still exists, but we assure you there is no need to worry because we successfully fixed it.
In order to resolve the issue and improve our product, we released a new update of Zemana AntiMalware 2.0, which includes fixes for this vulnerability.
You can download it here.

What About ZAM 3.0?

As mentioned above, there never was an update logic mishandle or any critical vulnerabilities in our latest Zemana AntiMalware 3.0 Beta version. You can check out our release notes here and see what’s new in ZAM 3.0.
If you have any questions or concerns related to this vulnerability or anything else, know that you can always contact us at: support@zemana.com. Our team members will be happy to talk to you and help you out.
Original source: https://blog.zemana.com/zemana-antimalwa...ate-logic/
[-] The following 3 users say Thank You to harlan4096 for this post:
  • Deep900, jasonX, silversurfer
Find
Reply
jasonX Offline
Administrator
*******
Posts: 1,483
Threads: 354
Thanks Received: 6,091 in 1,472 posts
Thanks Given: 1,117
Joined: 14 August 18
#2
14 February 19, 19:40
Great information! Thanks so much!
[-] The following 2 users say Thank You to jasonX for this post:
  • harlan4096, silversurfer
Find
Reply


Forum Jump:


Users browsing this thread: 1 Guest(s)
[-]
Welcome
You have to register before you can post on our site.

Username/Email:


Password:

[-]
Recent Posts
AdGuard for Mac 2.14
AdGuard for Mac 2....harlan4096 — 09:03
AdGuard VPN for Mac 2.3
AdGuard VPN for Ma...harlan4096 — 08:58
INTEL Arc Graphics 31.0.101.5444
INTEL Arc Graphics...harlan4096 — 08:56
AMD “Strix Halo” Zen5 & RDNA3.5 premium ...
AMD first ultra-hi...harlan4096 — 08:54
Malwarebytes 5.1.3.110
Malwarebytes 5.1.3...Mohammad.Poorya — 00:51

[-]
Birthdays
Today's Birthdays
avatar (42)techlignub
avatar (41)Stevenmam
avatar (48)onlinbah
Upcoming Birthdays
avatar (43)wapedDow
avatar (49)steakelask
avatar (43)Termoplenka
avatar (41)bycoPaist
avatar (47)pieloKat
avatar (41)ilyagNeexy
avatar (49)donitascene
avatar (49)Toligo

[-]
Online Staff
There are no staff members currently online.

>