McAfee security bug bites deep
Who guards the guards?
McAfee has fixed a flaw involving older versions of its consumer security software that creates a means for hackers to compromise vulnerable systems.
The bug is the latest in a string of flaws affecting security software packages that have come to light over recent months.
In this case, the unspecified security bug relates to McAfee SecurityCenter, creating a means to execute hostile code providing users can be tricked into visiting a malicious website.
The vulnerability affects versions 4.3 through 6.0.22 of SecurityCenter, a component of a wide range of McAfee security products including: McAfee Internet Security Suite 2006, McAfee Wireless Home Network Security, McAfee Personal Firewall Plus, McAfee VirusScan, McAfee Privacy Service, McAfee SpamKiller and McAfee AntiSpyware.
Users are advised to update to McAfee SecurityCenter, as explained in an advisory by McAfee here. Most, but not all, McAfee users will automatically receive the update.
The bug was discovered by security researchers at eEye Digital Security, which has published an advisory here. ®