BREAKING: Flaws in Symantec may expose your PC to hackers!
A researcher at Google’s Project Zero has detected that several vulnerabilities in both the Consumer and Enterprise editions of the Symantec antivirus could easily be exploited by hackers to infiltrate users PCs.
Symantec has recently released patches which they hope will solve the issue, but since some products don’t update automatically (or users don’t have automatic updates turned on and prefer to update manually) some PCs may still be at risk of infection.
Where are the issues located?
Most of the flaws found by the Project Zero researcher, whose name is Travis Ormandy, are located in the Decomposer component of Symantec’s antivirus engine. The Decomposer is the component which handles parsing file formats, including ZIP files and RAR files.
Additionally, the Decomposer runs under the system user, which is the most privileged account type on Microsoft Windows systems.
Why does this matter?
Allowing antivirus programs to parse files at unnecessarily privileged user account levels is a risky move which has long been criticized by security researchers, both at Google and beyond.
Specifically, Ormandy identified issues within the code that Symantec uses to handle ZIP, RAR, LZH, LHA, CAB, MIME, TNEF and PPT files, which could worry consumers because these flaws can allow for remote code execution (allowing hackers to inject their code into your PC remotely) and are “wormable” meaning that they can be used to create and deliver computer worms.
A Common and Ongoing Issue
It’s normal for developers to use “third party” code, which refers to code that has been written by another party, in their software, but it’s good practice to track and document vulnerabilities created by the code and to implement patches as necessary.
Especially in the case of security vendors it’s only natural to assume that they would keep track of third-party code used by their software, this is not always the case. This is largely due to the fact that companies like Symantec are bundling old and outdated code which was one used in previous versions into newer releases to try and support older versions.
However when companies “bundle” code together and don’t properly review and assess any security risks it can lead to disastrous results for their users.
Since Google’s Project Zero announced their findings Symantec has issued a public statement and security advisory warning users to check to see if they fall into the list of potentially risky products, and has published instructions on how best to update them and protect against any malicious attacks, and consumer-line Norton products should have been updated automatically.
If you’re still worried about the state of your PC and whether or not you may have already been infiltrated by malicious hackers, bring in your PC for a checkup with one of our Security Experts. Our team are happy to help provide you with the peace of mind that comes with knowing that your personal information is safe and secure.
Give us a call at 204-586-7953 for information about how we can help you keep your PC safe!