Symantec and Norton Security Products Contain Critical Vulnerabilities

Discussion in 'macOS' started by mpainesyd, Aug 28, 2016.

  1. mpainesyd macrumors 6502

    mpainesyd

    Joined:
    Nov 29, 2008
    Location:
    Sydney, Australia
    #1
    I just came across this US-CERT alert:
    https://www.us-cert.gov/ncas/alerts/TA16-187A

    Original release date: July 05, 2016
    Overview
    Symantec and Norton branded antivirus products contain multiple vulnerabilities. Some of these products are in widespread use throughout government and industry. Exploitation of these vulnerabilities could allow a remote attacker to take control of an affected system.

    ...
    A heap overflow vulnerability in the ASPack unpacker could allow an unauthenticated remote attacker to gain root privileges on Linux or OSX platforms. The vulnerability can be triggered remotely using a malicious file (via email or link) with no user interaction.
    ---------
    How ironic!

    This does not seem to have been picked up by Mac news websites.
     
  2. old-wiz macrumors G3

    Joined:
    Mar 26, 2008
    Location:
    West Suburban Boston Ma
    #2
    I would never install anything from Symantec/Norton on any machine; so I don't worry about this.
     
  3. maflynn Moderator

    maflynn

    Staff Member

    Joined:
    May 3, 2009
    Location:
    Boston
    #3
    Maybe because most Mac users hate symantec and avoid it like the plague ;)
     
  4. rshrugged macrumors 6502a

    Joined:
    Oct 11, 2015
    #4
    6/28/16 blog entry by Tavis Ormandy regarding Symantec/Norton :

    https://googleprojectzero.blogspot.com/2016/06/how-to-compromise-enterprise-endpoint.html
     
  5. ProTruckDriver macrumors newbie

    ProTruckDriver

    Joined:
    Jul 28, 2016
    Location:
    Chesapeake, Virginia
    #5
    Time to look for a new CEO Again for Symantec. :rolleyes:
     

Share This Page