CA Works On Patches For 10 Critical Bugs In Backup Software
A spokesman for CA said the software company had previously known about the flaws and had already started working on patches for them.
CA said it's already working on patches for 10 critical vulnerabilities in its client-side backup software that were recently made public.
On Wednesday, eEye Digital Security posted an alert that its researchers had discovered the flaws. They found the first flaw in CA's ARCserve Backup for Laptops & Desktops a few weeks ago. After that, Marc Maiffret, co-founder and CTO of the security company, said in an interview with information that eEye kept digging deeper and finding more flaws.
A spokesman for CA said in an e-mail on Thursday that the software company had previously known about the flaws and had already started working on patches for them.
"CA takes software quality very seriously," he wrote in the e-mail. "These vulnerabilities, however, should be viewed in the appropriate context. All software vendors, including CA, must address vulnerabilities as software becomes more prevalent in an increasingly networked world. CA works continuously to proactively identify and address vulnerabilities that are discovered through internal processes and by external security researchers. The fact that we discovered these issues during our own internal review process underscores the effectiveness of that process."
In an interview on Wednesday, Maiffret said his researchers had never discovered so many flaws at one time in one piece of software. "We got looking at one and it just became a landslide," he said. Maiffret also said he notified CA of the bugs within the past week. "It just kept going and going and going. The software is just that bad, basically."
Maiffret said all of the bugs are buffer overflow flaws, and each one received eEye's highest threat rating, since they all allow remote execution.