Symantec squashes antivirus bug

Symantec Corp. has patched a widely reported flaw in the English versions of its corporate antivirus software.

The flaw, which affects recent versions of its Client Security and Antivirus Corporate Edition products is considered serious, and could be exploited by hackers to run unauthorized software on unpatched PCs.

It was discovered by rival security vendor eEye Digital Security Inc. and first disclosed last Wednesday. Three days later, Symantec patched the problem, according to an alert published Saturday on Symantec’s Web site.

The patches are for English language versions of Symantec’s products only, and a Symantec spokesman could not say when the complete line of products would be patched.

Symantec did not release many details on the flaw, but eEye has warned that it is the kind of vulnerability that could be used to build a self-replicating worm attack, similar to the Blaster and Slammer outbreaks of 2003.

That has not happened to date, and Symantec is “not aware of any customers impacted by this vulnerability, or of any exploits of this vulnerability,” the alert said.

The problem affects version 3.0 and above of Client Security, and version 10 and above of Antivirus Corporate Edition. Symantec’s Norton line of consumer antivirus products are not affected.

A number of other flaws have been reported in Symantec’s security products over the past year. Last December, researcher Alex Wheeler discovered a flaw in Symantec’s Antivirus Library that could allow remote attackers to gain control of systems that used Symantec’s products. Research about the flaw can be found at this Web site.

In October a critical flaw was found in the company’s Scan Engine software. Information about the flaw can be found at this Web site.

EEye’s note on the flaw can be found at this Web site.

Would you recommend this article?

Share

Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.


Jim Love, Chief Content Officer, IT World Canada

Featured Download

Featured Articles

Cybersecurity in 2024: Priorities and challenges for Canadian organizations 

By Derek Manky As predictions for 2024 point to the continued expansion...

Survey shows generative AI is a top priority for Canadian corporate leaders.

Leaders are devoting significant budget to generative AI for 2024 Canadian corporate...

Related Tech News

Tech Jobs

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

Tech Companies Hiring Right Now