We decidedly don’t always turn to Google for security advice, but the company is here again, calling out the users of popular services from Norton and Symantec itself.
A report, which was recently published indicates that the users of Symantec services are more at a risk now than when not using them. The complete list of affected products comes courtesy of Symantec and includes Norton’s Antivirus, 360 and Internet Security, as well as enterprise software.
The reason for that is simple. All of these products use the same core engine. “These vulnerabilities are as bad as it gets,” writes Tavis Ormandy for Google. “They don’t require any user interaction, they affect the default configuration, and the software runs at the highest privilege levels possible. In certain cases on Windows, vulnerable code is even loaded into the kernel, resulting in remote kernel memory corruption.”
The gist of the problem lies in the unpacking process of files. Symantec products by nature unpack these files within the operating system’s kernel. So if a malicious code slips by, it would be possible for the hacker to take over this fundamental part, and possibly thereafter, the operating system itself.
It is also not necessary for the user to unpack these files even, as the software unpacks and scans them discreetly as soon as they’re made available. Fortunately, there hasn’t been an attack recorded so far making use of the exploit but that could be a matter of time.
Similar vulnerabilities have been found in other anti-virus products such as Kaspersky and ESET, too. The only logical thing to do right now is to make sure all your Symantec and Norton products are updated fully although, they may not just fix this flaw and other buffer overflows & memory corruptions.
