Everlytic is more connected to its business partners than ever before. This is after South Africa’s most trusted bulk communication platform company held its…
Newly discovered Symantec vulnerability is ‘as bad as it gets’, affects 25 products
Symantec reps are probably having a horrible, horrible day today.
A new report by Google‘s security collective Project Zero, suggests that Symantec anti-virus and security products have some huge and “critical vulnerabilities” that can affect the very kernel of the operating system.
“These vulnerabilities are as bad as it gets,” explains Tavis Ormandy on the Project Zero blog.
“They don’t require any user interaction, they affect the default configuration, and the software runs at the highest privilege levels possible. In certain cases on Windows, vulnerable code is even loaded into the kernel, resulting in remote kernel memory corruption.”
It’s so bad, that users don’t even need to open an infected email for it to self-propagate. This is largely thanks to Symantec’s use of an actual driver to filter I/O from the device. Gain control of the driver, and attackers effectively have the OS’s spinal column to play with.
What is a ‘kernel’? It’s the operating system’s juicy centre. It’s effectively the middle-man between hardware and software. It turns software requests into instructions for the CPU, manages system memory, and I/O operations from mice and keyboards. As a result, it’s also the most sensitive portion of the OS.
Related: Cyber security is increasingly a battle of the people versus email scammers
Ormandy adds that “an attacker could easily compromise an entire enterprise fleet using a vulnerability like this.”
Network administrators should keep scenarios like this in mind when deciding to deploy Antivirus, it’s a significant tradeoff in terms of increasing attack surface.”
So what can you do?
Well, updating your security software is a good start. Symantec published its own advisory as well, which sees 17 enterprise products and eight branded as Norton as vulnerable. It’s the latter that consumers should be most worried about.
While this vulnerability doesn’t seem to have been exploited just yet, you should nonetheless keep a vigilant eye and mouse click out until Symantec pushes an update to its wares.
Feature image: Martin McKeay via Flickr