 |
 |
Oh, here's the article text for anyone who would rather not click on the link (sorry, I should have know better) -- Google's Project Zero team has discovered a heap of critical vulnerabilities in Symantec and Norton security products. The flaws, the team says, allow hackers to completely compromise people's machines by simply sending them malicious self-replicating code through unopened emails or un-clicked links. According to a Fortune report, the vulnerabilities affect millions of people who run the company's endpoint security and antivirus software -- all 17 enterprise products (Symantec brand) and eight consumer and small business products (Norton brand). Dan Goodin, reporting for Ars Technica: 'The flaws reside in the engine the products use to reverse the compression tools malware developers use to conceal their malicious payloads. The unpackers work by parsing code contained in files before they're allowed to be downloaded or executed. Because Symantec runs the unpackers directly in the operating system kernel, errors can allow attackers to gain complete control over the vulnerable machine. Tavis Ormandy, a researcher with Google's Project Zero, said a better design would be for unpackers to run in a security "sandbox," which isolates untrusted code from sensitive parts of an operating system.' At Wed 29 Jun 2016 10:55:27 AM EDT, David McFarlane wrote: > This just in from Slashdot: > > https://it.slashdot.org/story/16/06/29/1032210/google-found-disastrous-symantec-and-norton-vulnerabilities-that-are-as-bad-as-it-gets > > How does this affect us? > > -- dkm