Home News Symantec Antivirus Security Flaw Exposes Linux, Mac, and Windows

Symantec Antivirus Security Flaw Exposes Linux, Mac, and Windows

153

Security holes in antivirus software are nothing new, but holes that exist across multiple platforms? That’s rare… but it just happened. Google’s Tavis Ormandy has discovered a vulnerability in Symantec’s antivirus engine (used in both Symantec- and Norton-branded suites) that compromises Linux, Mac and Windows computers. If you use an early version of a compression tool to squeeze executables, you can trigger a memory buffer overflow that gives you root-level control over a system.

The kickers are that it’s both easy to launch the exploit and particularly vicious in most cases. As Symantec is intercepting system input and output, you only need to email a file — the victim doesn’t even need to read the email, just the act of AV scanning it is a trigger — or send a web link to wreck someone’s day.

Read more at Engadget