On February 18, 2022, a critical security vulnerability was discovered in various zebNet products.
Due to missing and/or insufficient encryption measures in the affected products, a man-in-the-middle (MITM) attack might be possible against the update process of the affected applications.
As a result of this vulnerability, an attacker could theoretically infiltrate the customer's system and execute arbitrary code with administrator privileges by manipulating the update process of the affected product.
On February 19, 2022, within a response time of less than 24 hours, zebNet released bug-fixed versions for all affected products that are currently under support. Customers who are using an affected product are urgently advised to install the bug-fixed version immediately.
Among other things, the bug-fixed versions contain strengthened encryption modules and new signature verification procedures that help to avoid similar security vulnerabilities.
Active exploitation of this security vulnerability is not known to zebNet, so this is purely a precautionary measure.
Bug-fixed versions of the affected products are available for download at:
https://www.zebnet.co.uk/support/downloads
List of affected products:
- MailShelf Basic
- MailShelf Standard
- MailShelf Pro
- MailShelf Server
- MailShelf Client
- Backup for Chrome 5.0
- Backup for Chrome 6.0
- Backup for Firefox 5.0
- Backup for Firefox 6.0
- Backup for Internet Explorer 5.0
- Backup for Internet Explorer 6.0
- Backup for Opera Browser 5.0
- Backup for Opera Browser 6.0
- Backup for Pale Moon 6.0
- Backup for SeaMonkey 5.0
- Backup for SeaMonkey 6.0
- Backup for IncrediMail 5.0
- Backup for IncrediMail 6.0
- Backup for Live Mail 5.0
- Backup for Live Mail 6.0
- Backup for Outlook 5.0
- Backup for Outlook 6.0
- Backup for Postbox 5.0
- Backup for Postbox 6.0
- Backup for Thunderbird 5.0
- Backup for Thunderbird 6.0
- Backup for eM Client 5.0
- Backup for eM Client 6.0
- Backup for Mailbird 5.0
- Backup for Mailbird 6.0
- Backup for The Bat 5.0
- Backup for The Bat 6.0
- Backup for Vivaldi 5.0
- Backup for Vivaldi 6.0
- Backup for Waterfox 6.0
- Any product of the generation 2011
- Any product of the generation 2012
- Any product of the generation TNG (v4.0)