Cylance Protect AV vulnerability patched

News by Doug Olenick

Cylance has patched a vulnerability in the antivirus product that allowed attackers to bypass the system's machine learning algorithm and insert suspect code.

Carnegie Mellon Software Engineering Institute’s CERT Coordination Center has issued a patch for a recently disclosed vulnerability in Cylance Protect.

Security researchers at Australia-based Skylight Cyber said last month that they found a way to hoodwink the system’s machine learning algorithm and insert code from a benign file that had previously been marked as safe.

The vulnerability note, VU#489481, said that, prior to a 21 July 2019 update, Protect contained flaws that allowed an adversary to craft malicious files that the AV product would likely mistake for benign files. Security researchers found that isolating specific properties in the machine learning algorithm allowed them to change most known malicious files.

"Several common malware families, such as Dridex, Gh0stRAT, and Zeus, were reported as successfully modified to bypass the Cylance product in this way. The success rate of the bypass is reported as approximately 85 percent of malicious files tested," the note said.

Cylance has deployed a patch fixing the problem and any systems that have connected to the service since 21 July have been updated.

This article was originally published on SC Media US.
