A flaw has been found in Symantec’s latest antivirus software that allows hackers to exploit a PC without the user having to open anything.
The problem was first discovered by Eeye Digital Security, which reported it as a ‘high level’ threat.
“This flaw does not require any end-user interaction for exploitation and can compromise affected systems, allowing for the execution of malicious code with system-level access,” said Eeye in a statement.
Donal Casey, a security consultant at Morse, warned that this kind of security flaw is a serious cause for concern. “The fact that it allows hackers to remotely take control of a PC without the user opening any attachments or clicking on anything makes this a huge vulnerability,” he said.
According to Eeye, the problem affects Symantec Antivirus 10.x and Symantec Client Security 3.x.
A statement on the Symantec website described the flaw as “unverified” and the impact as “undetermined”.
“Norton products do not contain the code affected by this potential vulnerability, and none of the Norton products are affected by this issue,” Symantec said.
But Casey maintained that, even though the early indications are that no one has yet exploited the flaw, it is “a time bomb waiting to go off”.
“Businesses must be alert and remember that their antivirus software is like any other application and must be kept up to date with the latest patches at all times,” he said.
Symantec insisted that its product teams are investigating the report, and that updates would be provided for all currently supported products if necessary.
Subscribers 0
Fans 0
Followers 0
Followers