On 22nd June 2015, ESET released an update that fixes a vulnerability in scanning engine related to code emulation. The discovery was made by Google’s Project Zero team and published on 23rd June 2015. The vulnerability was found in the emulation routine used in a particular scanner for a specific malware family.
It didn’t affect the core emulation engine.
ESET reacted immediately and released the update over the weekend, a mere three days after notification, a full 87 days sooner than Google Project Zero's standard 90-day disclosure period.
ESET customers will be protected automatically from this vulnerability without the need to perform any manual action. The fix has been delivered to all clients through regular updates that are enabled by default in all of our products.
ESET continually performs code refactoring in order to improve efficiency and quality of products. As a result,
this vulnerability was already not present in ESET’s pre-release engine. Pre-release updates give access to the most recent detection methods and fixes and are available to everybody. In order to achieve maximum reliability, ESET uses specialized tools, runs multiple code reviews and gradually deploys mitigations to make the code more robust.
ESET is a global company with research facilities around the world. Protecting customers is always the first priority.