A security researcher at Google has found several fatal flaws in Symantec antivirus software (also known as Norton) that he describes as “as bad as it gets”. Symantec has issued an advisory to customers and released updates that fix the security flaws.
The blog post, written on Tuesday by Google security researcher Tavis Ormandy, is brutal. It chastises Symantec for the multiple critical vulnerabilities he discovered. “[The security flaws] don’t require any user interaction, they affect the default configuration, and the software runs at the highest privilege levels possible,” Ormandy wrote.
Because Symantec uses the same “core engine” for every product, Ormandy explained, the flaws effect all Symantec software. If your antivirus software doesn’t automatically update, it’s probably a good idea to do so now.
“Because Symantec uses a filter driver to intercept all system [input and output], just emailing a file to a victim or sending them a link to an exploit is enough to trigger it — the victim does not need to open the file or interact with it in anyway,” Ormandy wrote. “Because no interaction is necessary to exploit it, this is a wormable vulnerability with potentially devastating consequences to Norton and Symantec customers.”
Keeping software updated is good computer security hygiene, as it ensures you have the latest patches to any known security flaws. For example, Google Chrome is considered one of the most secure browsers because, among other things, it automatically updates with important security patches. [Google Project Zero, via Engadget]