![]() The good news? Symantec is taking care of this relatively quickly. And on Windows, an attack compromises the kernel - you know, the very deepest level of the operating system. As Symantec is intercepting system input and output, you only need to email a file - the victim doesn't even need to read the email, just the act of AV scanning it is a trigger - or send a web link to wreck someone's day. The kickers are that it's both easy to launch the exploit and particularly vicious in most cases. ![]() ![]() If you use an early version of a compression tool to squeeze executables, you can trigger a memory buffer overflow that gives you root-level control over a system. Google's Tavis Ormandy has discovered a vulnerability in Symantec's antivirus engine (used in both Symantec- and Norton-branded suites) that compromises Linux, Mac and Windows computers. Security holes in antivirus software are nothing new, but holes that exist across multiple platforms? That's rare.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. Archives
May 2023
Categories |