Malwarebytes Anti-Exploit Upgrade Mechanism Vulnerable to MitM Attacks

Discussion in 'other anti-malware software' started by ronjor, Dec 12, 2014.

  1. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,776
    Location:
    Texas
  2. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    8,038
    Location:
    The Netherlands
    Wow, this is a bit painful, but I always turn off auto update in any app.
     
  3. Gandalf_The_Grey

    Gandalf_The_Grey Registered Member

    Joined:
    Jan 31, 2012
    Posts:
    394
    Location:
    The Netherlands
    If I read the article correctly the upgrade mechanism was vulnerable but that is no longer the case with the recent builds.
     
  4. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    Joined:
    Mar 5, 2012
    Posts:
    1,170
    Location:
    USA
    That's correct. It was fixed in MBAE 1.04. So unless you have 1.03 you are not vulnerable. Current version is 1.05.
     
  5. Circuit

    Circuit Registered Member

    Joined:
    Oct 7, 2014
    Posts:
    142
    "The upgrade mechanism in OLDER versions of Malwarebytes Anti-Malware and Malwarebytes Anti-Exploit"

    People now do not read more than one line of text , and it was on the first line! :D
     
  6. siljaline

    siljaline Former Poster

    Joined:
    Jun 29, 2003
    Posts:
    6,619
    While I can't speak for Malwarebytes Anti-Exploit or MBAE, Malwarebytes Anti-Malware has an internal update mechanism that prevents older versions from being maintained and run.

    The current MBAM software is not vulnerable to MitM or Man-in-the-middle attack attacks.
     
Loading...