Security Alert: Symantec and Norton Vulnerabilities
According to Tavis, who discovered the vulnerabilities, the flows don’t even need any user interaction, they affect the default configuration, and the software runs at the highest privilege levels possible. “In certain cases on Windows, vulnerable code is even loaded into the kernel, resulting in remote kernel memory corruption.”
The list of vulnerable solutions in Symantec enterprise line includes 17 items. These items had been posted as a security advisory on Symantec website a bit earlier than Tavis’ post was published.
What is the danger?
Whoever could exploit one vulnerability in Symantec’s product by just emailing a file a link to a victim. Antivirus software cannot detect the malware until the executable is decompressed. Symantec decompressed files in the operating system’s kernel. It gave the malware hidden in an executable file an opportunity to gain complete access to the computer running the operating system. And, as Tavis said, the user didn’ot need to open or click the link. The wormable vulnerability lets an attacker easily compromise individual user data or the data of the entire enterprise.
If you are using one of Symantec products, it’s the time to update it right now. Symantec has already released updates of the products through the live updates, but not of all. To close the vulnerabilities, some Symantec products should be updated manually. Learn Symantec’s advisory to update the product that you are using.