“Secure OS X reports on a ‘highly critical’ flaw that has been discovered in Symantec’s AntiVirus software for Mac OS X,” MacFixIt reports. “The vulnerability occurs when AntiVirus is decompressing files compressed in the RAR format for scanning. When AntiVirus is performing this operation, it is susceptible to to multiple heap overflows allowing attackers complete control of the system(s) being protected.”
Secure OS X reports:
“These vulnerabilities can be exploited remotely without user interaction in default configurations through common protocols such as SMTP. Successful exploitation of Symantec protected systems allows attackers unauthorized control of data and related privileges. It also provides leverage for further network compromise. Symantec implementations are likely vulnerable in their default configuration. In default configurations users are likely vulnerable regardless of whether they choose to open or read the email.”
“The only solution at this point is to filter RAR archives at email or proxy gateways, or disable and uninstall Norton AntiVirus,” MacFixIt reports. “Until further notice, we recommend that users uninstall AntiVirus.”
More info, links, and uninstall instructions here.
• The New iPod with Video. The ultimate music & video experience on the go. From $299. Free shipping.
• Connect iPod to your television set with the iPod AV Cable. Just $19.00.
• The New iMac G5. Built-in camera and remote control. From $1299. Free shipping.
• Apple USB Modem. Easily connect to the Internet using your dial-up service. $49.00.
Related MacDailyNews articles:
Why Symantec’s ‘scare tactics’ don’t worry Mac users – September 28, 2005
$500 bounty offered for proof of first Apple Mac OS X virus – September 27, 2005
Symantec details flaws in its antivirus software – March 30, 2005
Motley Fool writer: ‘I’d be surprised if Symantec ever sells a single product to a Mac user again’ – March 24, 2005
Symantec cries wolf with misplaced Mac OS X ‘security’ warning – March 23, 2005
Symantec’s Mac OS X claims dismissed as nonsense, FUD – March 22, 2005
Symantec warns about Mac OS X security threat – March 21, 2005