AV vendor Malwarebytes has claimed that vulnerabilities in its products discovered by Google’s Project Zero team back in early November will not be ready for another three or four weeks despite being made public.
CEO and founder of the company, Marcin Kleczynski, revealed in a
blog post on Monday that it managed to plug several server-side holes alerted by well-known researcher Tavis Ormandy “within days.”
However, the client-side issues appear to be taking longer than expected, with Malwarebytes currently testing a new product version (2.2.1) which will be made available within a month to fix the vulnerabilities.
“The research seems to indicate that an attacker could use some of the processes described to insert their own code onto a targeted machine. Based on the findings, we believe that this could only be done by targeting one machine at a time,” explained Kleczynski.
“However, this is of sufficient enough a concern that we are seeking to implement a fix. Consumers using the Premium version of Malwarebytes Anti-Malware should enable self-protection under settings to mitigate all of the reported vulnerabilities.”
