“Secure OS X reports on a ‘highly critical’ flaw that has been discovered in Symantec’s AntiVirus software for Mac OS X,” MacFixIt reports. “The vulnerability occurs when AntiVirus is decompressing files compressed in the RAR format for scanning. When AntiVirus is performing this operation, it is susceptible to to multiple heap overflows allowing attackers complete control of the system(s) being protected.”
Secure OS X reports:
“These vulnerabilities can be exploited remotely without user interaction in default configurations through common protocols such as SMTP. Successful exploitation of Symantec protected systems allows attackers unauthorized control of data and related privileges. It also provides leverage for further network compromise. Symantec implementations are likely vulnerable in their default configuration. In default configurations users are likely vulnerable regardless of whether they choose to open or read the email.”
“The only solution at this point is to filter RAR archives at email or proxy gateways, or disable and uninstall Norton AntiVirus,” MacFixIt reports. “Until further notice, we recommend that users uninstall AntiVirus.”
More info, links, and uninstall instructions here.
Advertisements:
• The New iPod with Video. The ultimate music & video experience on the go. From $299. Free shipping.
• Connect iPod to your television set with the iPod AV Cable. Just $19.00.
• The New iMac G5. Built-in camera and remote control. From $1299. Free shipping.
• Apple USB Modem. Easily connect to the Internet using your dial-up service. $49.00.
Related MacDailyNews articles:
Why Symantec’s ‘scare tactics’ don’t worry Mac users – September 28, 2005
$500 bounty offered for proof of first Apple Mac OS X virus – September 27, 2005
Symantec details flaws in its antivirus software – March 30, 2005
Motley Fool writer: ‘I’d be surprised if Symantec ever sells a single product to a Mac user again’ – March 24, 2005
Symantec cries wolf with misplaced Mac OS X ‘security’ warning – March 23, 2005
Symantec’s Mac OS X claims dismissed as nonsense, FUD – March 22, 2005
Symantec warns about Mac OS X security threat – March 21, 2005
Doh!
” width=”19″ height=”19″ alt=”ohh” style=”border:0;” />
Good thing I never bought the darn thing.
PRECIOUS!!!!
ouch…. Symantec isn’t gonna like that, or maybe they are. They’re the ones claiming OSX is flawed. Well…. the software we trust isn’t, so did this glitch come intetionally or not is my question.
buy an antivirus program for mac.
fugging tools.
yeah, i’m talking to you.
Putting that crap on your Mac, messes it up anyway.
We don’t need their sh_t
but there no viruses on the Mac … I don’t get it.
An OS without 1 virus.
An app to protect the 1 OS without a virus.
The app leaves a hole for viruses.
What irony.
Run for the hills the sky is falling!
Another reason not to run anti-virus software on a mac.
Funny thought that a anti-virus software program would CREATE the problem.
That’s just downright funny.
NO
we aint gonna take it
we’re not gonna take it…anymore1111111111111
Finally, someone puts a hot poker into Symantec.
“The only solution at this point is to filter RAR archives at email or proxy gateways, or disable and uninstall Norton AntiVirus,” MacFixIt reports. “Until further notice, we recommend that users uninstall AntiVirus.”
Funny. I’ve always recommended that user uninstall Norton AntiVirus. Unless they’re running Windows. In that case, they should uninstall Windows.
Bwahahahah!
Tera Patricks
Mac360
**MDN’s magic word “didnt” as in ‘I didn’t say that, did I?’
Who needs or uses anti-virus software on a Mac????
If you insist on using AV on a Mac, at least try ClamXAV. Its free (actually donationware) and open source. No conflict of interest.
The most insecure software you can run on OS X turns out to be NAV. You can’t make this stuff up.
I think that Symantec was trying to create a problem so that they could fix it. Be honest people! Where do you think all the viruses and fixes are coming? The truth is out there.
Haven’t used NAV in more than 2 years. Clearly, they’ve got problems.
oh the irony
It’s been a LONG way down from SUM for Symantec. Symantec is (or at least should be) pretty much irrelevant to any Mac user.
Without wanting to make accusations, has anyone checked their Windows software to see whether similar holes are introduced?
[French accent]
See? Do you seeeeeee? Do you see how easy it is to make you American Mac users flustered. We French would never have such problems. Why?
Because we are better than you.
It’s very simple, really. You stoopid mouth-breathers are all alike. It does not matter from where you hail in your vast, corrupt excuse for a nation. You all eat your drive-thru food like de pigs that you are. You get whatever you deserve for using Macs and ridiculing Jerry Lewis.
So, go about your pathetic lives whilst we Frenchmen continue to leer at our women and suckle at ze teat of our government’s largesse. Oh, what’s that? Largesse? Yes, you say you don’t know what that means? Of course you don’t — you’re all stupid in-bred, flatulent American dogs. Now . . .
GIVE US BACK OUR STATUE OF LIBERTY!!!!!!!!
[/French accent]
Oh the things we Mac users do to save our blinded by Bill Gates friends.
The only reason we use any AV software on our macs at work is so those who send us the infected files from their windows machines aren’t reinfected since they can’t understand they must run their AV software at least 87 times a day.
We have a mixed lab environments where people are notrious for using a winblowz machine to create a document then go to the Mac lab to finish working on it. After that, it gets sent to some other person who insists that “Windows is better.” Thus taking down our network because they unleash 500 million worms.
MDNMW == “twenty” as in the number of hours it takes to remove all the components of Norton AV for Mac. Stupid stuff is installed in just about every stinking folder it can write to.
If you’re running Mac OS X and go out and spend good money on $ymantec (or any other) <i>”antivirus” you deserve what you get!
I mean you’re already getting reamed by $ymantec with their protection racket; you might as well get raped some more by the nefarious assholes on the ‘net too.
MDN Word: “business” – Yea, I know it’s only business nothing personal
Symantec Software SUCKS?
How can it be?