The flaw, found by eEye Digital Security Inc, affects the latest versions of Symantec Antivirus 10.x and Symantec Client Security, the enterprise versions of Symantec’s market-leading security software.
According to eEye, the vulnerability could be exploited to enable arbitrary code execution without any user action required. In other words, hackers could break in and run whatever they want, potentially without the user being any the wiser.
The company issued the alert as one of its periodic Upcoming Advisories, posted on a page of its web site where it tries to get vendors to issue patches quickly by alerting the public to the fact that a vulnerability exists. eEye does not disclose any information that could be used by the bad guys.
The vulnerability raises the possibility of a worm that leverages it. But there’s no evidence at present that any bad actors know anything about the vulnerability other than the fact that it exists.