Symantec Antivirus software flaw allows hackers to seize control of PCs without user interaction

“Symantec Corp.’s leading antivirus software, which protects some of the world’s largest corporations and U.S. government agencies, suffers from a flaw that lets hackers seize control of computers to steal sensitive data, delete files or implant malicious programs, researchers said Thursday,” Ted Bridis reports for The Associated Press.

“Symantec said it was investigating the issue but could not immediately corroborate the vulnerability. If confirmed, the threat to computer users would be severe because the security software is so widely used, and because no action is required by victims using the latest versions of Norton Antivirus to suffer a crippling attack over the Internet,” Bridis reports. “Symantec has boasted its antivirus products are installed on more than 200 million computers.”

“Researchers from eEye Digital Security Inc. of Aliso Viejo, Calif., discovered the vulnerability and provided evidence to Symantec engineers this week, said eEye’s chief hacking officer, Marc Maiffret. He demonstrated the attack for The Associated Press,” Bridis reports.

Full article here.

eEye Digital Security describes the Symantec flaw: “A remotely exploitable vulnerability exists within the Symantec Antivirus program. This flaw does not require any end user interaction for exploitation and can compromise affected systems, allowing for the execution of malicious code with SYSTEM level access. Severity: High.”

eEye Digital Security Advisory: http://www.eeye.com/html/research/upcoming/20060524.html

MacDailyNews Take: Some of the world’s largest corporations and U.S. government agencies wouldn’t be suffering today if they had picked the superior platform in the first place. They wanted cheap; they got it. As always, Mac users should not purchase Symantec (or McAfee) products. Do not patronize scare-mongering leeches that are in panic mode because Mafiasoft has decided to muscle in on their action.

Advertisements:
Amazon.com: Switching to the Mac: The Missing Manual, Tiger Edition by David Pogue
Introducing the super-fast, blogging, podcasting, do-everything-out-of-the-box MacBook.  Starting at just $1099
Get the new iMac with Intel Core Duo for as low as $31 A MONTH with Free shipping!
Get the MacBook Pro with Intel Core Duo for as low as $47 A MONTH with Free Shipping!
Apple’s new Mac mini. Intel Core, up to 4 times faster. Starting at just $599. Free shipping.
iPod. 15,000 songs. 25,000 photos. 150 hours of video. The new iPod. 30GB and 60GB models start at just $299. Free shipping.
iPod Radio Remote. Listen to FM radio on your iPod and control everything with a convenient wired remote. Just $49.

Related MacDailyNews articles:
Symantec sues Microsoft to halt Windows Vista development – May 19, 2006
Symantec CEO: We think more people ought to buy Apple Macs – May 15, 2006
Symantec CEO: We think more people ought to buy Apple Macs – May 15, 2006
Analyst: McAfee’s recent Apple Mac security report is ‘sloppy scaremongering’ – May 08, 2006
Unix expert: Mac OS X much more secure than Windows; recent Mac OS X security stories are media hype – May 03, 2006
Macs and viruses: the true story – May 02, 2006
Network World: Apple’s Mac OS X is significantly more secure than Windows – May 01, 2006
Anti-Mac FUD machine shifts into overdrive – May 01, 2006
FUD Alert: Viruses don’t catch up to the Mac – May 01, 2006
Microsoft: recovery from Windows malware becoming impossible; better to to wipe and rebuild – April 04, 2006
BusinessWeek: Apple should hire security czar to combat uninformed media FUD – March 09, 2006
Apple Mac remains ‘unhacked’ as University of Wisconsin’s Mac OS X Security Challenge ends – March 08, 2006
Spate of recent Mac security stories signal that Microsoft, others getting nervous – March 06, 2006
Apple Mac OS X clearly offers superior security over Microsoft Windows – March 02, 2006
Apple Mac OS X has a lot more vulnerabilities than Windows XP? – February 28, 2006
Enderle: Security vendors see Apple as next big opportunity – February 28, 2006
As Apple Mac grows in popularity, will security issues increase? – February 27, 2006
The Idiot’s Guide to Mac Viruses For Dummies 101 – February 24, 2006
Wired News: ‘Mac attack a load of crap’ – February 22, 2006
Report: Apple developing fix for automatic execution of shell scripts – February 21, 2006
Ars Technica: Fears over new Mac OS X ‘Leap-A’ trojan pointless – February 20, 2006
Atlanta Journal-Constitution asks: Is ‘Mac virus’ all just propaganda from Mac haters? – February 20, 2006
Patched in mid-2005 by Apple, Symantec warns ‘Inqtana-A’ worm could be ‘beginning of a trend’ – February 20, 2006
Mafiasoft: Microsoft to charge $50 per year for security service to protect Windows – February 07, 2006
eWeek: Intel transition a ‘security non-issue’ for Apple Mac – January 30, 2006
ZDNet Australia publishes latest Mac OS X security FUD article – January 26, 2006
IDC: Apple Mac 2005 U.S. market share 4% on 32% growth year over year – January 20, 2006
ZDNet Australia publishes latest Mac OS X security FUD article – September 09, 2005
Joke of the month: Gartner warns of Mac OS X ‘spyware infestation’ potential – March 30, 2005
Symantec warns about Mac OS X security threat – March 21, 2005

46 Comments

  1. Looks like some disgruntled former employee in Symantec’s virus production and development department (come on, of course they have one) left them a little surprise.

    Somebody please call Symantec’s CEO. I want to here him lecture me about my Mac’s vuneralbilities. I think I wil laugh much harder ths time.

  2. Isn’t irony delicious?

    I’ll stick with Intego Anti-Virus…made by Mac users for Mac users, and you don’t need a non-existent browser to buy it… ” width=”19″ height=”19″ alt=”smile” style=”border:0;” />

    MW=points; I sent MDN a CNN link — don’t I get a few points for that? 😀

  3. justme2: You get 35 points. Redeemable for a free cocktail olive at any venue in Branson, Missouri.

    Microsoft CEO Says Windows Vista on Track – funniest headline currently on Google news.

  4. Get Over It: “Another Windows vuln? Yawn. Do you know ANYBODY who was affected? I didn’t think so. Maybe they will be, maybe not.

    Just run anti-virus software and a PC is as safe as your overpriced $600+ Macs.”

    ………..um first of all, I think you’ve missed the point entirely. Really, are you that daft?
    Secondly, Macs are not overpriced, unless of course $600 is your breaking point, in which case you either
    a) get a dose of reality.
    b) get a better f***ing computer
    c) raise your standards a little…
    d) settle on a crap PC with your good friends Micros**t and Symantec watching your back

    Idiot.

  5. The vulnerability is IN the friggin antivirus software. PCs arent safe at all now! (not that they ever were)

    A PC running always-on antivirus software goes about as slow as a G3 iMac, its resource hogging, vulnerability-stuffed crap.

    And Macs arent overpriced, they just dont make crap ones with celeron d or pentium 4, only the best processors, and much better build quality.

  6. @Get over it:

    I’d gladly run antivirus software if it wasn’t the antivirus software that was giving me the viruses.

    A bit of a Cath-22, no?

    P.S. Admittedly, you are right that probably few people — if anyone — were afffected. However, it is a bit disconcerting when the stuff that’s supposed to protect you onloy exacerbates the issue.

  7. “Symantec Corp.’s leading antivirus software, which protects some of the world’s largest corporations and U.S. government agencies, OFFERS A NEW FEATURE that lets hackers seize control of computers to steal sensitive data, delete files or implant malicious programs, researchers said Thursday,” Ted Bridis reports for The Associated Press.

Reader Feedback

This site uses Akismet to reduce spam. Learn how your comment data is processed.