Security devices usually have a sense of defense surrounding them, after all they are supposed to be one step in a layer of defense mentality.
But when that device has a flaw, they need a quick fix.
The product is a security gateway designed to protect companies against malware and other risks by inspecting web traffic content, said Daniel Compton of Info-Assure Ltd., who found the vulnerabilities. The firm urged all users to upgrade to version 4.0.4 to mitigate the flaw, which it hasn’t detailed in full because of responsible disclosure.
“Once the vulnerability has been patched we will not disclose the exact details or exploitation methods for the vulnerability for three months,” Compton said. This gives all users of the product sufficient time to ensure they have updated their products and are protected against the issue.”
Info-Assure discovered the bug June 25 and reported it to the Cambridge-based security vendor on June 30. The vendor fixed the flaw by issuing a patch (4.0.4) on July 15.