Fixed issues in F-Secure Linux and Windows EPP products
With regards to vulnerabilities in our Windows and Linux endpoint protection products reported by RACK911 Labs in this post from 20 April, 2020 https://www.rack911labs.com/research/exploiting-almost-every-antivirus-software we would like to confirm that these issues have been fixed in 2018 soon after the research team had reported them to us.
The Linux vulnerability was reported in August 2018, fixed in October 2018 and an external security advisory published here: https://www.f-secure.com/en/business/support-and-downloads/security-advisories/fsc-2018-3 . The Windows vulnerability was reported in October 2018. A fix was released and automatically applied in November 2018. As no user action was required and due to the low severity no external security advisory was released.
RACK911 Labs reported both issues to us as part of our bug bounty program. We invite such research to help improving our products and like to thank the research team for bringing these issues to our attention.
Update: After further investigation, Linux Security team has fixed the issues related to the RACK911 Labs blog post.
This vulnerability affects F-Secure Linux Security 11-series and F-Secure Linux Security 64.
Please find the latest Security Advisory related to this issue here: https://www.f-secure.com/en/business/support-and-downloads/security-advisories/fsc-2020-2