Carbon Black, a company that specializes in endpoint security and antivirus products, has discovered a corner-case bug that may have affected 10 customers of Cb Response, its incident response and threat hunting software, according to a prepared statement. The company has remediated the bug, notified the 10 potentially affected customers and posted a security bulletin.
The corner-case bug was introduced in April and affects users of Cb Response sensor versions 5.2.7+ and 6.0.4+, Carbon Black stated. To trigger the bug, the following conditions must occur:
- Cb Response must be installed on macOS.
- A Cb Response sensor must be configured to collect modloads, retrieve a copy of all binaries and upload unknown binaries to the software's multi-scanner.
- A Cb Response content file must be opened for processing and marked as "executable" either via permissions or when mapped into memory.
- Processing must take place during system initialization or high file input/output volume.
Within 24 hours of discovering the bug, Carbon Black took steps to prevent content files from being uploaded to the Cb Response multi-scanner, the company indicated. In addition, these files were removed from the multi-scanner's repository.
DirectDefense, an MSP that provides information security services, found Cb Response data leaks earlier this month, the company said in a prepared statement. Carbon Black disputed DirectDefense's claims, however, saying that DirectDefense "incorrectly asserts an architectural flaw in Cb Response that leaks customer data," Carbon Black co-founder Michael Viscuso stated.