SB2017091816 - Backdoor in CCleaner
Published: September 18, 2017
Security Bulletin ID
SB2017091816
Severity
Critical
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Remote access
Highest impact
Code execution
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Backdoor (CVE-ID: N/A)
CCleaner version 5.33.6162 and CCleaner Cloud version 1.07.3191 were shipped with a backdoor code from official vendor’s website. The incident was detected on September 12.The malicious version was released on August 15. Users, who downloaded CCleaner between August 15 and September 12, are affected.
Remediation
Install update from vendor's website.