Gaping security hole found in Norton antivirus engine

Source: http://www.techradar.com

It affects Symantec security products across the board


It seems there’s a major hole in the core Symantec antivirus engine which is used across the company’s main security products including the Norton range, although the firm has (unsurprisingly) moved quickly to address this issue.

The flaw was discovered by renowned white hat security expert Tavis Ormandy (who is part of Google’s Project Zero team): the AV engine is susceptible to a crafted file with a malformed portable-executable (PE) header, which is capable of causing a buffer overflow.

Such a file could potentially be delivered via an email attachment or a malicious website, and successful exploitation will result in a Blue Screen of Death system crash.

On OS X and Linux machines, the attacker can gain root access via a remote heap overflow, and as for Microsoft’s operating system, Ormandy notes: “On Windows, this results in kernel memory corruption, as the scan engine is loaded into the kernel (wtf!!!), making this a remote ring0 memory corruption vulnerability – this is about as bad as it can possibly get.”

As mentioned, Symantec has been quick to react, with software already being patched via LiveUpdate. If LiveUpdate has run recently on your machine(s), you should have the fix.

If you’re not sure whether your security product has been updated, then you can manually fire up LiveUpdate to download the patched engine. Simply navigate to LiveUpdate in the interface, and run it until all available updates are installed.

Make sure you’re covered, though, as this is a nasty little glitch.

Ormandy has been responsible for finding a number of vulnerabilities across all manner of security products, including the likes of Trend Micro, Sophos and Malwarebytes.
