A slight but not entirely harmless vulnerability in several F-Secure products and the business version WithSecure allows attackers to crash the programs. F-Secure actually distributes the patches automatically.
According to the portal heise.de, the products from F-Secure and the new business brand WithSecure have a vulnerability. Attackers could crash the scan engine in F-Secure products, preventing detection. WithSecure's product, the effects of an attack sound worse, since it should be possible to delete local data and bypass the protective measures. But: such an attack is only possible through a local attack.
Patches quickly close the vulnerability
The whole scenario with all vulnerabilities found is considered "medium" in terms of risk assessment. The Finnish software manufacturer announced that the three vulnerabilities (CVE-2022-28876, CVE-2022-28878, CVE-2022-28879″) have now been patched. According to F-Secure, the distributed security patches (Capricorn database 2022-07-04_09, 2022-07-11_07) install themselves automatically.
According to F-Secure, the following products are affected by the vulnerability: All WithSecure endpoint protection products as well as F-Secure Linux Security (32-bit), F-Secure Linux Security (64-bit), F-Secure Atlant, F-Secure Internet Gatekeeper , WithSecure Cloud Protection for Salesforce and WithSecure Collaboration Protection. F-Secure states that no exploit that specifically targets the vulnerability has surfaced so far. Therefore, no attack is known.
More at F-Secure.com
Via F-Secure Nobody has a better insight into real cyberattacks than F-Secure. We bridge the gap between detection and response. To do this, we leverage the unmatched threat expertise of hundreds of the best technical advisors in our industry, data from millions of devices using our award-winning software, and ongoing innovations in artificial intelligence. Leading banks, airlines and corporations trust our commitment to fight the world's most dangerous cyber threats. Together with our network of top channel partners and over 200 service providers, it is our mission to provide all of our customers with tailored, enterprise-grade cybersecurity. F-Secure was founded in 1988 and is listed on NASDAQ OMX Helsinki Ltd.