Symantec patches AV hole

Symantec has issued a fix for a vulnerability that could cause its security tools to crash or be potentially hijacked by malware. If the software scans a booby-trapped RAR archive, it can wind up attempting to execute code smuggled within, we're told.

The decomposer engine used for antivirus protection in 18 different Symantec enterprise and personal security products contains a pair of flaws that can be exploited to pull off denial-of-service attacks or possibly remote code execution.

Both vulnerabilities were discovered and reported by Tavis Ormandy of Google's Project Zero.

Users and administrators are advised to test (if needed) and install the patches as soon as possible. ®

Sponsored: Technical Overview: Exasol Peek Under the Hood


Biting the hand that feeds IT © 1998–2019