The Federal Government has issued a warning to consumers about potentially critical vulnerabilities found in anti-virus software from Norton and Symantec, two of the most popular brands in the online security industry.
Symantec uses the same core engine in its anti-virus products for both consumer and enterprise products, which means information on millions of PCs including those running on corporate and government networks could be at risk.
Due to its status as a top security product, which gives Symantec access to the inner workings of your computer, the spread of a virus throughout an entire network of computers is entirely possible, according to the federal alert. Simply getting an email with an infected file on a computer, or accessing a link to an infected site, could put a whole network of computers at risk.
All anti-virus products under the Symantec and Norton brands “contain multiple vulnerabilities,” according to the alert issued by a division of the U.S. Department of Homeland Security.
The warning states:
“Exploitation of these vulnerabilities could allow a remote attacker to take control of an affected system. … The large number of products affected (24 products), across multiple platforms (OSX, Windows, and Linux), and the severity of these vulnerabilities … make this a very serious event.”
The products at risk include but are not limited to:
- Norton Antivirus (Mac, Windows)
- Symantec Endpoint (Mac, Windows, Linux, UNIX)
- Symantec Scan Engine (All Platforms)
- Symantec Cloud/NAS Protection Engine (All Platforms)
- Symantec Email Security (All Platforms)
- Symantec Protection for SharePoint/Exchange/Notes/etc (All Platforms)
- All other Symantec/Norton Carrier, Enterprise, SMB, Home, etc antivirus products.
The security risk was first discovered by Google’s team of security analysts at Project Zero. "These vulnerabilities are as bad as it gets," Tavis Ormandy, a security researcher at Project Zero who discovered the flaws, told Tech Times. "A hacker could easily compromise an entire enterprise fleet."
The Project Zero team posted on its website: “Because no interaction is necessary to exploit it, this is a wormable vulnerability with potentially devastating consequences to Norton and Symantec customers.”
The Project Zero team went on to say that Symantec was using code from open source libraries like libmspack and unrarsrc, but had not updated them in at least seven years. In order to stay on top of potential threats, code is typically updated on a regular and ongoing basis. Symantec admitted it had fallen behind on update releases and is addressing the problem.
No reports have come out that hackers had taken advantage of the problem, but they also might not have been caught just yet. Symantec has since patched all reported problems and issued some software updates since the warning, so in the meantime, the US government urges all users of these anti-virus software products to update their systems with the latest software updates available.
Visit our forum for more discussions on this security flaw.