Google Found Disastrous Symantec and Norton Vulner

Google Found Disastrous Symantec and Norton Vulnerabilities That Are 'As Bad As It Gets'

An attacker’s unopened email is enough to compromise you.






Google’s “project zero” team, a group of security analysts tasked with hunting for computer bugs, discovered a heap of critical vulnerabilities in Symantec ( SYMC 0.90% ) and
Norton security products. The flaws allow hackers to completely compromise people’s machines simply by sending them malicious self-replicating code through unopened emails or un-clicked links.

The vulnerabilities affect millions of people who run the company’s endpoint security and antivirus software, rather ironically to protect their devices. Indeed, the flaws rendered all 17 enterprise products (Symantec brand) and eight consumer and small business products (Norton brand) open to attack.

In the words of Tavis Ormandy, an English hacker who works on the Google ( GOOG 1.74% ) team: “These
vulnerabilities are as bad as it gets”—and have “potentially devastating consequences.”


“An attacker could easily compromise an entire enterprise fleet using a vulnerability like this,” Ormandy writes on a Google blog. “Network administrators should keep scenarios like this in mind when deciding to deploy Antivirus, it’s a significant tradeoff in terms of increasing attack surface.”

Ormandy’s post published soon after Symantec issued advisories of its own, which credit him for reporting the bugs. “An attacker could potentially run arbitrary code by sending a specially crafted file to a user,” the notice warns, before mentioning that the company has “verified these issues and addressed them in product updates.”



Edited by DST4ME - 29 Jun 2016 at 2:17am