By Eduard Kovacs on February 17, 2016
Researchers at Germany-based Blue Frost Security discovered a high severity vulnerability in FireEye products that allowed malicious actors to bypass the company’s detection engine and temporarily whitelist malware.
The vulnerability was reported to FireEye in September 2015 and it was patched the next month with the release of FireEye Operating System (FEOS) updates. However, in mid-January, FireEye asked Blue Frost to postpone its initial disclosure date by 30 days because many customers had still not applied the updates.
The flaw is related to FireEye’s Virtual Execution Engine (VXE), a system used by the company’s products to performs dynamic analysis on files. The list of affected products includes FireEye Network Security (NX), Email Security (EX), Malware Analysis (AX), and File Content Security (FX).
full article here:
Be the first to reply!
Reply
Login to the community
No account yet? Create an account
Enter your username or e-mail address. We'll send you an e-mail with instructions to reset your password.