Feeds

Sophos bug highlights wider anti-virus flaws

Window of vulnerability

  • alert
  • submit to reddit

Top 5 reasons to deploy VMware with Tegile

Users of Sophos’s anti-virus products were warned this week of a potentially serious security vulnerability. The bug - unearthed by security researcher Alex Wheeler - involves an unspecified heap-based buffer overflow vulnerability. The cross-platform flaw applies to Sophos Anti-Virus Small Business Edition and in version 3.x and 4.x of its flagship Sophos Anti-Virus product.

Successful exploitation of the vulnerability might be used to compromise vulnerable systems. Sophos is keen to calm possible security concerns. "Although theoretically a risk, Sophos has not seen any examples of malware attempting to exploit this vulnerability," it said.

The UK-based anti-virus vendor has released updates for Sophos Anti-Virus (3.96.0 and 4.5.4) that include a security fix. An update for Windows versions of Sophos Anti-Virus Small Business Edition is due Friday with updates for the software on other platforms due within the next two weeks, as explained in Sophos's alert here.

Wheeler and Neel Mehta, of security tools firm ISS, were scheduled to make a presentation at this week's Black Hat security conference explaining how anti-virus programs are becoming a target for hackers because of inherent security weaknesses. The duo have plenty of examples to back up this warning.

Over recent weeks security vendor ISS has issued alerts over similar but distinct vulnerabilities in various security packages from Symantec, involving the processing of UPX compressed files; and anti-virus products from F-Secure and Trend Micro, both involving the handling of ARJ archive files. ISS has also unearthed a glitch with McAfee security software involving the processing of LHA files. ®

Related stories

Anti-virus vulnerabilities strike again
Trend Micro archive bug unearthed
Patch now against virus-writing clowns
Security products 'riddled' with bugs

Beginner's guide to SSL certificates

More from The Register

next story
Regin: The super-spyware the security industry has been silent about
NSA fingered as likely source of complex malware family
Why did it take antivirus giants YEARS to drill into super-scary Regin? Symantec responds...
FYI this isn't just going to target Windows, Linux and OS X fans
Privacy bods offer GOV SPY VICTIMS a FREE SPYWARE SNIFFER
Looks for gov malware that evades most antivirus
Home Office: Fancy flogging us some SECRET SPY GEAR?
If you do, tell NOBODY what it's for or how it works
HACKERS can DELETE SURVEILLANCE DVRS remotely – report
Hikvision devices wide open to hacking, claim securobods
'Regin': The 'New Stuxnet' spook-grade SOFTWARE WEAPON described
'A degree of technical competence rarely seen'
Syrian Electronic Army in news site 'hack' POP-UP MAYHEM
Gigya redirect exploit blamed for pop-rageous ploy
Astro-boffins start opening universe simulation data
Got a supercomputer? Want to simulate a universe? Here you go
prev story

Whitepapers

Free virtual appliance for wire data analytics
The ExtraHop Discovery Edition is a free virtual appliance will help you to discover the performance of your applications across the network, web, VDI, database, and storage tiers.
Getting started with customer-focused identity management
Learn why identity is a fundamental requirement to digital growth, and how without it there is no way to identify and engage customers in a meaningful way.
The total economic impact of Druva inSync
Examining the ROI enterprises may realize by implementing inSync, as they look to improve backup and recovery of endpoint data in a cost-effective manner.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Website security in corporate America
Find out how you rank among other IT managers testing your website's vulnerabilities.