An attacker could potentially replace the signature file. That opens the possibility for a man-in-the-middle attack, Ormandy said in an advisory. Google researcher Tavis Ormandy uncovered several issues with the Anti-Malware product, including that it doesn't use encryption when downloading fresh signatures. "While these things happen, they shouldn’t happen to our users," he wrote. Kleczynski apologized, saying vulnerabilities are a reality that come with software development.
0 Comments
Leave a Reply. |