Mr. Kristian Erik Hermansen, a security researcher based in Los Angeles, USA, found one zero-day bug στο antivirus FireEye, μαζί με τρία άλλα τρωτά σημεία, τα οποία σύμφωνα με το λογαριασμό του στο Twitter, είναι πλέον προς πώληση.
Despite the fact that a security researcher putting out the vulnerabilities for sale flirts with crime, it may perhaps be Mr Hermansen's only way to draw the company's attention to these errors, which, according to the electronic exchange messaging with Jumping, have been ignored by FireEye the last 18 months !!.
According to her announcement Exploit Database, the zero-day vulnerability provides "unauthorized access to the remote root file system" to affected applications FireEye.
The flaw is in a PHP script that runs on a web page that sees the Apache server. The zero-day vulnerability, which can be caused remotely when used, and provides attackers with access to local files.
The other vulnerabilities are basically injection commands and connection bypass errors. No additional details have been posted about them, but o Mr. Hermansen said that it will sell the vulnerability to the highest bidder.
FireEye, in general, is most misty and perhaps hatered by most security researchers, since last year sacked a security specialist to notify the public to vulnerabilities in the FireEye Malware Analysis System (MAS).