Fortinet Discovers Malwarebytes Local Privilege Escalation Vulnerability
Fortinet's FortiGuard Labs has discovered a security bypass issue in Malwarebytes.
Malwarebytes is an anti-malware software for Microsoft Windows, macOS and Android that is developed by Malwarebytes Corporation. It is available in a free version, which scans for and removes malware when started manually, and a paid version, which additionally provides scheduled scans, real-time protection and a flash-memory scanner.
It has been discovered that MBAMChameleon driver of Malwarebytes allows access by unprivileged users. When this issue is exploited together with the vulnerability specified in FG-VD-17-004, an unprivileged user is able to send command to the vulnerable driver to terminate arbitrary process or escalate process privileges through some faulty IOCTL codes.
Users should apply the solution provided by Malwarebytes.
Fortinet reported the vulnerability to Malwarebytes on January 12, 2017.
Malwarebytes patched the vulnerability on May 10, 2017.
This vulnerability was discovered by Wayne Low of Fortinet's FortiGuard Labs.