Tech
DHS Warns Users Of Symantec Antivirus Software With Major Security Loopholes
Megha Kedia
First Posted: Jul 08, 2016 07:47 AM EDT
While, we bank upon various antivirus software such as Symantec for the security of our PCs, internet security experts are warning that the antivirus products are in fact making the systems more prone to hacking.
The U.S. Department of Homeland Security's Computer Emergency Readiness Team (CERT) has recently issued a warning to the public which claims that all Norton and Symantec antivirus products have severe security loopholes that could allow hackers to easily breach system settings, reported CBC News.
"Symantec and Norton branded antivirus products contain multiple vulnerabilities. Some of these products are in widespread use throughout government and industry. Exploitation of these vulnerabilities could allow a remote attacker to take control of an affected system," the DHS alert read, reported Credit Union Times.
According to the alert, the issue affects 24 security products, including Symantec Endpoint Protection, Symantec Email Security, Norton Security, and Symantec Protection for SharePoint Servers. Hackers could take advantage of these vulnerabilities to run arbitrary code at root or system privileges. A remote trigger could activate a malicious file via email with no user interaction.
The warning comes after Google's Project Zero security researchers found critical vulnerabilities in Symantec's Norton Antivirus product.
Explaining about the vulnerabilities, Google researcher Tavis Ormandy noted in a blog post that the vulnerabilities found are very much unsafe. While, they don't require any user interaction, they adversely affect the default configuration, and the software runs at the highest privilege levels possible. He added that in certain cases on Windows, vulnerable code is even loaded into the kernel, resulting in remote kernel memory corruption.
Symantec has reportedly acknowledged the security flaws. While, some security patches were immediately rolled out to cover the flaws, updates to secure the fundamental architectural flaws are still awaited. The security software maker has warned customers that vulnerabilities in the firm's systems won't be fixed until mid-July.
To be at a safer side, we would advise our readers to back up their files regularly, get their operating system and software up to date and patched and be careful while clicking on links and attachments.
See Now:
NASA's Juno Spacecraft's Rendezvous With Jupiter's Mammoth Cyclone
Tagsantivirus software, Symantec, U.S. Department of Homeland Security's Computer Emergency Readiness Team, Norton and Symantec antivirus products, Norton Security, Google Project Zero ©2024 ScienceWorldReport.com All rights reserved. Do not reproduce without permission. The window to the world of science news.
More on SCIENCEwr
First Posted: Jul 08, 2016 07:47 AM EDT
While, we bank upon various antivirus software such as Symantec for the security of our PCs, internet security experts are warning that the antivirus products are in fact making the systems more prone to hacking.
The U.S. Department of Homeland Security's Computer Emergency Readiness Team (CERT) has recently issued a warning to the public which claims that all Norton and Symantec antivirus products have severe security loopholes that could allow hackers to easily breach system settings, reported CBC News.
"Symantec and Norton branded antivirus products contain multiple vulnerabilities. Some of these products are in widespread use throughout government and industry. Exploitation of these vulnerabilities could allow a remote attacker to take control of an affected system," the DHS alert read, reported Credit Union Times.
According to the alert, the issue affects 24 security products, including Symantec Endpoint Protection, Symantec Email Security, Norton Security, and Symantec Protection for SharePoint Servers. Hackers could take advantage of these vulnerabilities to run arbitrary code at root or system privileges. A remote trigger could activate a malicious file via email with no user interaction.
The warning comes after Google's Project Zero security researchers found critical vulnerabilities in Symantec's Norton Antivirus product.
Explaining about the vulnerabilities, Google researcher Tavis Ormandy noted in a blog post that the vulnerabilities found are very much unsafe. While, they don't require any user interaction, they adversely affect the default configuration, and the software runs at the highest privilege levels possible. He added that in certain cases on Windows, vulnerable code is even loaded into the kernel, resulting in remote kernel memory corruption.
Symantec has reportedly acknowledged the security flaws. While, some security patches were immediately rolled out to cover the flaws, updates to secure the fundamental architectural flaws are still awaited. The security software maker has warned customers that vulnerabilities in the firm's systems won't be fixed until mid-July.
To be at a safer side, we would advise our readers to back up their files regularly, get their operating system and software up to date and patched and be careful while clicking on links and attachments.
See Now: NASA's Juno Spacecraft's Rendezvous With Jupiter's Mammoth Cyclone