A security researcher discovered a serious flaw in Symantec and Norton products that could allow attackers to take complete control of a victim's computer. The discovery prompted urgent calls for all users of Symantec and Norton products to update their software.
Tavis Ormandy, a Google Project Zero bug-hunter, discovered the bug and said it sat in Symantec's core product range, which meant it affected Windows, Mac and Linux systems alike. Because the bug is cross-platform and lives in the core scan engine, most Symantec products were at risk. The list of vulnerable products includes Endpoint Antivirus, Norton Antivirus, Symantec Scan Engine and Symantec Email Security.
Ormandy explained that because Symantec intercepts all system I/O with a filter driver, simply emailing a file to a victim or sending them a link was sufficient for an attacker to exploit the system; no user interaction with the file was needed, since the scanner processes it automatically. He described the vulnerability as a remote code execution flaw, adding that on Linux, Mac and Unix platforms it produced a remote heap overflow. On Windows it resulted in memory corruption in the kernel, which is as bad as it gets.
Under Project Zero's standard bug reporting rules, the report was given a 90-day disclosure deadline. Symantec acted swiftly after receiving it and provided a fix. The fix was officially released on 16 May and addresses the flaw tracked as CVE-2016-2208. All products with the LiveUpdate feature running should already have received the update.
Symantec also confirmed Ormandy's findings. In its advisory urging users to update, the company wrote that a malicious file could arrive in an incoming email, through a simple download of a document or application, or via the most common route of visiting a malicious website. It also confirmed that when the bug was triggered at kernel level it could cause a memory access violation, and that successful exploitation would result in an immediate system crash.
Critical Symantec fix being released later today via LiveUpdate. The other critical RCE vulns can't be fixed via LU, will require a patch.
— Tavis Ormandy (@taviso) May 16, 2016
Symantec users are now strongly advised to update their systems before anything happens, especially since the flaw is now public. Attackers may well look to take advantage of the disclosed flaw and cause havoc for users who have not yet taken the time to update their systems.
Google Project Zero is building a strong reputation by continuing to find security bugs in some of the most widely used software, including products from Avast, FireEye, Malwarebytes, Trend Micro and Kaspersky.
So please, ladies and gentlemen, help protect yourselves by getting an excellent VPN.