High-severity bugs in 25 Symantec/Norton products imperil millions

TheRyuu

http://arstechnica.com/security/201...-wormable-attack-by-unopened-e-mail-or-links/

Quote from the article:
Because Symantec uses a filter driver to intercept all system I/O, just emailing a file to a victim or sending them a link to an exploit is enough to trigger it - the victim does not need to open the file or interact with it in any way. Because no interaction is necessary to exploit it, this is a wormable vulnerability with potentially devastating consequences to Norton and Symantec customers.

An attacker could easily compromise an entire enterprise fleet using a vulnerability like this. Network administrators should keep scenarios like this in mind when deciding to deploy Antivirus, it’s a significant tradeoff in terms of increasing attack surface.

Project Zero blog post, which is more technical and in-depth:
https://googleprojectzero.blogspot.com/2016/06/how-to-compromise-enterprise-endpoint.html

HN discussion:
https://news.ycombinator.com/item?id=11998774
 

Elixer

It is moments like this where you wonder how Symantec got to be so huge with all these flaws.
They are in the security business, yet, they don't audit their own code?

Norton Security, Norton 360, and other legacy Norton products (All Platforms)
Symantec Endpoint Protection (All Versions, All Platforms)
Symantec Email Security (All Platforms)
Symantec Protection Engine (All Platforms)
Symantec Protection for SharePoint Servers
and more...
 

Captante

Noticed my Norton Security download & install a good-sized patch earlier today ... coincidence?

o_O


Anyway sucks that it takes these flaws being publicized before anything is done!
 

Phynaz

Captante said:
> Noticed my Norton Security download & install a good-sized patch earlier today ... coincidence?
>
> o_O
>
> Anyway sucks that it takes these flaws being publicized before anything is done!

It was patched before the public disclosure.