Malwarebytes Anti-Malware v2.2.0 Vulnerability Disclosure

All Malwarebytes Premium v2.2.0.1024 users are being advised to enable their Chameleon self-protection module (Settings | Advanced Settings | Enable self-protection module) while a bug fix is being tested for a vulnerability that could expose users to a Man-in-the-Middle attack and allow an attacker to replace the malware signature file.  From the 01-Feb-2016 entry Malwarebytes Anti-Malware Vulnerability Disclosure in the Malwarebytes Unpacked security blog:

"In early November, a well-known and respected security researcher by the name of Tavis Ormandy alerted us to several security vulnerabilities in the consumer version of Malwarebytes Anti-Malware.  Within days, we were able to fix several of the vulnerabilities server-side and are now internally testing a new version (2.2.1) to release in the next 3-4 weeks to patch the additional client-side vulnerabilities...

Consumers using the Premium version of Malwarebytes Anti-Malware should enable self-protection under settings to mitigate all of the reported vulnerabilities."

Further information, including a link to Tavis Ormandy's Google Security Research advisory (Issue 174), can be found in the PCWorld article Malwarebytes still fixing flaws in antivirus software.
-------------
32-bit Vista Home Premium SP2 * Firefox v44.0 * NIS (2014) v21.7.0.11 * MBAM Premium v2.2.0