Norton antivirus has a gaping security flaw

BGR News

May 17, 2016 at 11:34 AM

A security researcher has discovered a "bug" in Symantec antivirus software, which affects "the core Symantec Antivirus Engine used in most Symantec and Norton branded Antivirus products." I say "bug" because it's less bug, and more a gaping security flaw that makes it incredibly easy to hack any PC, Mac or Linux box running Symantec software.

The flaw (spotted by The Register) was found by Tavis Ormandy, a white-hat hacker whose previous work has involved hacking internet-connected scales. The Symantec bug is to do with how the antivirus engine scans code, in particular an old compression tool.

MUST READ: Apple ruined the dream of having Google take over my iPhone

The result is that if a hacker sends a carefully formatted file via email (or just a web link), all the target computer has to do is receive and scan the email -- the user doesn't even have to open the file or link. The hacker then gets root access to the target computer, meaning he owns the machine. As Ormandy succinctly put it, "this is about as bad as it can possibly get."

Symantec is aware of the bug, and there's already a fix being pushed. If you use Symantec or Norton antivirus, you should run the Live Update tool, and check for patches.

The flaw itself is due to a buffer overflow, the same kind of programming bug that caused the infamous Heartbleed Bug. But what makes this particular flaw dangerous isn't the bug itself, it's where in the system the code is unpacked. On Windows machines, Symantec is unpacking potential malware directly into the kernel, which as one Twitter user pointed out, is a really bad idea:

https://twitter.com/riskybusiness/status/732374512449277952

What lessons can we learn from this? Well, as any compsci professor would probably explain, suspicious code should be examined in a walled-off sandbox, not the system kernel. For non-programmers, the lesson is much simpler: uninstall Norton or Symantec, get better about not opening suspicious files, and please, remember to do your backups.

News

Life

Entertainment

Finance

Sports

New on Yahoo

Norton antivirus has a gaping security flaw

Recommended Stories

Former NBA guard Darius Morris dies at 33

Caitlin Clark catches fire from 3 in WNBA preseason; Arike Ogunbowale's late heroics send Wings past Fever

No one was airing Angel Reese and Kamilla Cardoso's WNBA preseason debuts, so an X user livestreamed it

NFL Power Rankings, draft edition: Did Patriots fix their offensive issues?

2024 NFL Draft grades: Denver Broncos earn one of our lowest grades mostly due to one pick

Kentucky Derby: Mystik Dan wins in three-horse photo finish, outruns favorite Fierceness in stunning upset

Formula 1: Miami Grand Prix sends cease and desist letter to prevent Donald Trump fundraiser during race

New details emerge in alleged gambling ring behind Shohei Ohtani-Ippei Mizuhara scandal

NFL Draft grades for all 32 teams | Zero Blitz

The best RBs for 2024 fantasy football according to our analysts

CVS stock plunges after earnings numbers one analyst 'did not even believe'

Lakers fire head coach Darvin Ham after just 2 seasons, latest playoff series loss to Nuggets

Tight end rankings for 2024 fantasy football 2024

Ex-Florida State QB and 1999 Fiesta Bowl starter Marcus Outzen dies at 46

MLB odds: Elly De La Cruz on pace for historic season, and his MVP odds are dropping

2nd Boeing whistleblower found dead. Here's a timeline of the company's mounting problems.

UFC 301: Anthony Smith confronts career reality after reconciling with the man who knocked out his teeth

The expanded 12-team College Football Playoff is here — and it already has problems

MLB Power Rankings: Braves move into the top spot followed by Dodgers, Phillies as injuries take a toll across the league

How to watch the 2024 WNBA preseason: Caitlin Clark’s next Indiana Fever game time, channel and more