![]() ![]() ![]() The bogus warnings were frequently accompanied by system crashes on machines running Mac OS X. The glitch - triggered by a rogue virus definition update - left Mac users running various versions of NAV for Mac under the false impression that their swap files were infected with malware called "Hacktool.Underhand". false positive in Norton AntiVirus (NAV) for Macintosh left many Apple fans fearful that their machines had become infected with a Trojan last week. Kernel memory corruption in Symantec/Norton antivirus, CVE-2016-2208 (more patches soon). Shit is so bad someone can crash/infect you by just sending you an email. ![]() There aren't any known exploits in the wild, but it's reasonable to presume that Symantec wants to have everything up to date before would-be hackers develop an intrusion technique. The biggest concern surrounds software that requires a more conventional patching process. Its antivirus suites with LiveUpdate should already have a patch in place. The good news? Symantec is taking care of this relatively quickly. And on Windows, an attack compromises the kernel - you know, the very deepest level of the operating system. ![]() As Symantec is intercepting system input and output, you only need to email a file - the victim doesn't even need to read the email, just the act of AV scanning it is a trigger - or send a web link to wreck someone's day. The kickers are that it's both easy to launch the exploit and particularly vicious in most cases. If you use an early version of a compression tool to squeeze executables, you can trigger a memory buffer overflow that gives you root-level control over a system. Google's Tavis Ormandy has discovered a vulnerability in Symantec's antivirus engine (used in both Symantec- and Norton-branded suites) that compromises Linux, Mac and Windows computers. Security holes in antivirus software are nothing new, but holes that exist across multiple platforms? That's rare. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |