Security Company Sophos Reveals Details on Vulnerability in Antivirus Products
The software developer has disclosed that an independent research expert has uncovered a security flaw within Sophos’ antivirus, anti-spam, and other forms of malware detection software.
This security vulnerability arises from the way Sophos Anti-Virus handles Microsoft Cabinet compressed files.
Sophos stated that by creating a specially crafted Cabinet file to exploit this security flaw, hackers could execute binary code on systems running the vulnerable versions of Sophos Anti-Virus. Furthermore, exploiting this vulnerability does not require login authentication, making it easier for attackers to take advantage of it. However, this security flaw does not prevent Sophos Anti-Virus from performing its intended functions.
Nevertheless, Sophos also assures that the risk of being attacked through this vulnerability is very low. To date, no malicious code capable of exploiting this security flaw has been discovered. Sophos has also released a patch to address the vulnerability across a range of its products.
This vulnerability affects many different versions of Sophos Anti-Virus operating on Microsoft Windows, Apple Mac OS, and Linux platforms, including the Small Business Edition, PureMessage, and MailMonitor Gateway Security versions.
Sophos is not the only security company to identify vulnerabilities within its own antivirus software. Previously, Symantec also disclosed a security flaw in its Scan Engine that could be exploited to gain unauthorized access and conduct attacks on infected systems.
HVD – (eWeek)
