Forums
New posts
Search forums
News
Security News
Technology News
Giveaways
Giveaways, Promotions and Contests
Discounts & Deals
Reviews
Users Reviews
Video Reviews
Support
Windows Malware Removal Help & Support
Mac Malware Removal Help & Support
Mobile Malware Removal Help & Support
Blog
Log in
Register
What's new
Search
Search titles only
By:
Search titles only
By:
Reply to thread
Menu
Install the app
Install
JavaScript is disabled. For a better experience, please enable JavaScript in your browser before proceeding.
You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an
alternative browser
.
Forums
Software
Security Apps
Other security for Windows, Mac, Linux
Critical vulnerability in Zemana 2.0 products and not only
Message
<blockquote data-quote="military" data-source="post: 798389" data-attributes="member: 2141"><p><strong><span style="font-size: 18px">Update Logic Mishandle in Zemana AntiMalware 2.0: Fixed</span></strong></p><p></p><p>Yes, it is true we that there was a critical vulnerability discovered in ZAM 2.0 update integrity check. Some of you probably read about it in one of the threads on <a href="https://malwaretips.com/threads/critical-vulnerability-in-zemana-2-0-products-and-not-only.90495/#post-798255" target="_blank">Malware Tips</a> or other websites.</p><p>However, keep in mind that this vulnerability is not and never was present in our Zemana AntiMalware 3.0 Beta version.</p><p>In this blog post, we want to share with you the resolution to this concern. Yesterday, we fixed the issue and released a new update of ZAM 2.0, where we successfully fixed the update logic mishandle.</p><p>In the text below, you can find more information.</p><p><span style="font-size: 22px"><strong>Update Integrity Check Vulnerability</strong></span></p><p>A remote code execution vulnerability has been discovered related to update file integrity check. This vulnerability, caused by mishandling update logic, resulted in Zemana AntiMalware version 2.74.2.150 providing a weaker security than expected.</p><p>It allowed man-in-the-middle attackers to execute arbitrary code by spoofing the update server and uploading an executable. Due to this flaw, a remote attacker (only on the same network) could launch further attacks on the system by bypassing applications update file integrity check and executing any file with system rights.</p><p>This vulnerability has been assigned the CVE identifier <strong><a href="https://www.cvedetails.com/cve/CVE-2019-6440/" target="_blank">CVE-2019-6440</a></strong></p><p><span style="font-size: 22px"><strong>ZAM 2.0 New Update</strong></span></p><p>Some of you are probably still concerned or wondering if the vulnerability still exists, but we assure you there is no need to worry because we successfully fixed it.</p><p>In order to resolve the issue and improve our product, we released a new update of Zemana AntiMalware 2.0, which includes fixes for this vulnerability.</p><p>You can download it here.</p><p><span style="font-size: 22px"><strong>What About ZAM 3.0?</strong></span></p><p>As mentioned above, there never was an update logic mishandle or any critical vulnerabilities in our latest Zemana AntiMalware 3.0 Beta version. You can check out our release notes <a href="https://www.zemana.com/whats-new?ProductID=2" target="_blank">here</a> and see what’s new in ZAM 3.0.</p><p>If you have any questions or concerns related to this vulnerability or anything else, know that you can always contact us at: <strong><a href="mailto:support@zemana.com">support@zemana.com</a></strong>. Our team members will be happy to talk to you and help you out.</p><p></p><p>[URL unfurl="true"]https://blog.zemana.com/zemana-antimalware-before-3-0-658-beta-mishandles-update-logic/[/URL]</p><p></p><p></p><p>Perfectly. Thanks for the fix...</p></blockquote><p></p>
[QUOTE="military, post: 798389, member: 2141"] [B][SIZE=5]Update Logic Mishandle in Zemana AntiMalware 2.0: Fixed[/SIZE][/B] Yes, it is true we that there was a critical vulnerability discovered in ZAM 2.0 update integrity check. Some of you probably read about it in one of the threads on [URL='https://malwaretips.com/threads/critical-vulnerability-in-zemana-2-0-products-and-not-only.90495/#post-798255']Malware Tips[/URL] or other websites. However, keep in mind that this vulnerability is not and never was present in our Zemana AntiMalware 3.0 Beta version. In this blog post, we want to share with you the resolution to this concern. Yesterday, we fixed the issue and released a new update of ZAM 2.0, where we successfully fixed the update logic mishandle. In the text below, you can find more information. [SIZE=6][B]Update Integrity Check Vulnerability[/B][/SIZE] A remote code execution vulnerability has been discovered related to update file integrity check. This vulnerability, caused by mishandling update logic, resulted in Zemana AntiMalware version 2.74.2.150 providing a weaker security than expected. It allowed man-in-the-middle attackers to execute arbitrary code by spoofing the update server and uploading an executable. Due to this flaw, a remote attacker (only on the same network) could launch further attacks on the system by bypassing applications update file integrity check and executing any file with system rights. This vulnerability has been assigned the CVE identifier [B][URL='https://www.cvedetails.com/cve/CVE-2019-6440/']CVE-2019-6440[/URL][/B] [SIZE=6][B]ZAM 2.0 New Update[/B][/SIZE] Some of you are probably still concerned or wondering if the vulnerability still exists, but we assure you there is no need to worry because we successfully fixed it. In order to resolve the issue and improve our product, we released a new update of Zemana AntiMalware 2.0, which includes fixes for this vulnerability. You can download it here. [SIZE=6][B]What About ZAM 3.0?[/B][/SIZE] As mentioned above, there never was an update logic mishandle or any critical vulnerabilities in our latest Zemana AntiMalware 3.0 Beta version. You can check out our release notes [URL='https://www.zemana.com/whats-new?ProductID=2']here[/URL] and see what’s new in ZAM 3.0. If you have any questions or concerns related to this vulnerability or anything else, know that you can always contact us at: [B][email]support@zemana.com[/email][/B]. Our team members will be happy to talk to you and help you out. [URL unfurl="true"]https://blog.zemana.com/zemana-antimalware-before-3-0-658-beta-mishandles-update-logic/[/URL] Perfectly. Thanks for the fix... [/QUOTE]
Insert quotes…
Verification
Post reply
Top