If there’s a lesson to be learned from last week’s news that several Symantec enterprise and consumer endpoint security products have serious vulnerabilities, it’s that even security tools have exploitable flaws. Buyer beware and all that.
Tavis Ormandy, of Google’s Project Zero team, said the vulnerabilities in Symantec’s code are “as bad as it gets.” Most of the flaws were in the Decomposer component, which parses various file formats, including archive files like .rar and .zip. Symantec unpacked archives right in the kernel using “the highest privilege levels possible,” which means malware compressed into one of these archives is opened in the most sensitive part of the operating system. This could lead to remote code execution and could be used to create worms that execute and spread through local networks without user interaction.