Newly discovered flaws in Symantec’s antivirus software include a vulnerability that allows an attacker to remotely corrupt a computer’s memory, according to Google.
Researcher Tavis Ormandy spotted a number of vulnerabilities in 25 Norton and Symantec products that he says “are as bad as it gets.” Simply emailing a file to a victim or sending them a link to an exploit is enough to trigger it; the victim doesn’t even need to open the file or interact with it in any type of way.
Google’s Project Zero security team published an analysis of the flaws on its blog, detailing how serious they are because they affect the entire Symantec product line. The team searches for “zero-day” code flaws and gives companies 90 days to fix them. In Symantec’s case, Ormandy said the antivirus company did resolve the bugs quickly.
However, in one case, Ormandy found a buffer overflow in the company’s “unpacker,” which searches for hidden trojans and worms.
“Because no interaction is necessary to exploit it, this is a wormable vulnerability with potentially devastating consequences,” Ormandy said. “An attacker could easily compromise an entire enterprise fleet.”
As a result, Ormandy built and released his own exploit to further help Symantec develop an effective solution. He refers to it as a “100 percent reliable exploit, effective against the default configuration in Norton Antivirus and Symantec Endpoint [and] exploitable just from email or the web.”
The bugs affect Norton Antivirus on Mac and Windows, Endpoint, and many other Symantec products. As mentioned, the repairs have already been made and in many cases, users will receive the updates automatically. However, Google’s Project Zero did note “some of these products cannot be automatically updated, and administrators must take immediate action to protect their networks.”
Via Engadget
Advertisement
Learn more about Electronic Products Magazine
