The Antivirus firm Malwarebytes is spending a significant effort to fix serious vulnerabilities in its defense solution that was reported by the experts at the Googles Project Zero team. The experts at Project Zero discovered that updates for Malwarebyte were not digitally signed or downloaded over a secure HTTP connection, opening the user to Man-In-The-Middle attacks. An attacker could manipulate the updates hacking the Antiveirus solutions. The company has launched a Bug Bounty program which will help the company to early discover any flaw in their software.”]
Source: https://securityaffairs.co/wordpress/44226/hacking/malwarebytes-antivirus-flaw.html

