Malwarebytes

Malwarebytes, a well-known endpoint security and antimalware software provider, has a high-severity vulnerability (CVSS 7.8) that requires local access and low-level user privileges to exploit, with no user interaction needed, potentially allowing an attacker to compromise system confidentiality, integrity, and availability. The vulnerability was reported in late February 2024 with a vendor patch deadline of June 28, 2024. Security teams should prioritize patching Malwarebytes installations and monitor for any suspicious local privilege escalation attempts targeting this product once the advisory is publicly disclosed.