Google finds nightmarish ‘potentially devastating’ Symantec and Norton flaws

Security flaws called by Google “as bad as it gets” that left users of Symantec computer-security products including Norton AntiVirus and 360 vulnerable to “devastating consequences” have been fixed, Symantec said Wednesday.

The flaws would have allowed infection of computers via the simple sending of an email, according to Google “Project Zero” team member Tavis Ormandy, a British hacker.

“These vulnerabilities are as bad as it gets,” Ormandy wrote in a blog post. “They don’t require any user interaction. All Symantec- and Norton-branded antivirus products are affected by these vulnerabilities.”

While many infections start with a click on a link, a Norton user could suffer an attack from a computer worm without clicking anything, Ormandy wrote in the Tuesday post: “Just emailing a file to a victim or sending them a link to an exploit is enough to trigger it – the victim does not need to open the file or interact with it in any way. Because no interaction is necessary to exploit it, this is a wormable vulnerability with potentially devastating consequences to Norton and Symantec customers.”

Symantec acknowledged the flaws and thanked Ormandy for finding them. On Wednesday, a spokesman for the Mountain View company said updates to fix all the flaws were available, most of them automatic. The firm on Tuesday issued an advisory about the problems and the fixes.

Photo: The network operations center at Symantec monitors website activity to protect their clients against cyber crime at a secretive facility in Mountain View in 2012. (Gary Reyes/Staff)



  • sunsetquest1

    Nice find for Google and Tavis Ormandy.