Malware

Cylance Protect AV vulnerability patched

Carnegie Mellon Software Engineering Institute’s CERT Coordination Center is issued patch for a recently disclosed vulnerability in Cylance Protect.

The vulnerability note, VU#489481, said that prior to a July 21, 2019, update Protect contained flaws that allow an adversary to craft malicious files that the AV product would likely mistake for simply being benign files. Security researchers found that this was done by isolating specific properties in the machine learning algorithm allowed them to change most known malicious files.

“Several common malware families, such as Dridex, Gh0stRAT, and Zeus, were reported as successfully modified to bypass the Cylance product in this way. The success rate of the bypass is reported as approximately 85 percent of malicious files tested,” the note said.

Cylance has deployed a patch fixing the problem and any systems that have connected to the service since July 21 have been updated.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.