Google shames Symantec for security issues
Worst affected are Norton Antivirus for both Windows and Mac, including Norton 360, as well as a wide range of Symantec products such as Endpoint, Email Security and Protection Engine.
Symantec responded to the exposure by issuing a security notice detailing the issue, but it is not clear at the time of writing whether it has actually addressed the vulnerability at hand.
Critical security vulnerabilities found within Symantec and Norton products are “as bad as they get”, according to security researchers. But that’s not the point; it’s that vulnerabilities can and will be found in almost any security product, and that’s not necessarily a bad thing. “[The security flaws] don’t require any user interaction, they affect the default configuration, and the software runs at the highest privilege levels possible”, Ormandy wrote.
And he warned that some of the affected programs cannot be automatically updated, which means that system administrators must take immediate action to protect their networks.
Additionally, the advisory reveals which versions are affected by the security issues, and whether updates are provided for the products. The problem was that Symantec products were doing this unpacking in the operating system kernel itself (the fundamental layer of the operating system which coordinates everything else). Unfortunately, Symantec had failed to update the library versions and was using versions that were out-of-date by at least seven years.
“Symantec dropped the ball here”, Ormandy notes.
While this vulnerability doesn’t seem to have been exploited just yet, you should nonetheless keep a vigilant eye out and click with care until Symantec pushes an update to its wares.
The vulnerability is within Symantec’s executable file unpacker, which is used to unpack executable files that have been packed to reduce their file size, as well as in its decomposer library, which is used to extract document metadata and embedded macros from files such as Microsoft Office and PowerPoint files.
Symantec, however, has fixed the issues with its products after it was informed about the flaws by Ormandy, who published the blog post a day after the fixes were released. Companies and individuals pay lip service to the high-level concept of security, but only a handful of people can claim to understand the topic in comprehensive fashion.
Ormandy’s post appears to have been made shortly after Symantec put out its own advisory.
“An attacker could easily compromise an entire enterprise fleet using a vulnerability like this”, Ormandy writes.