eEye Digital Security Discovers Critical Vulnerability in Symantec Antivirus Software
eEye Digital Security has recently discovered a serious vulnerability in Symantec’s antivirus software.
Researchers at eEye have confirmed that this brand-new vulnerability could be exploited by hackers to create a self-replicating worm capable of attacking systems running the vulnerable Symantec software.
As of now, Symantec has not confirmed the existence of this security flaw, and there has been no significant progress made on a remedy. Meanwhile, eEye has disclosed very little information regarding this security vulnerability.
Information on eEye’s website indicates that this vulnerability can be exploited to remotely execute malicious code without any interaction from the user. eEye rates this security vulnerability as “highly dangerous.”
This vulnerability affects a range of versions starting from Symantec Antivirus 10 and Symantec Client Security 3.x. Other versions of Symantec Antivirus may also be impacted by this security flaw.
Mike Puterbaugh, Vice President of eEye, asserts that this vulnerability could be exploited using various forms of malware.
Symantec has stated that they are currently reassessing the reports from eEye. If they determine that this is indeed a serious vulnerability, Symantec will promptly implement remediation solutions, according to a company spokesperson.
Expert Marc Maiffret from eEye claims that it may take Symantec at least one to two months to resolve this issue, as the security flaw originates from within the software’s programming code.
This is not the first security vulnerability discovered in Symantec products. Late last year, researcher Alex Wheeler uncovered another security flaw in Symantec’s antivirus software that could be exploited by hackers to gain control of systems.
In October of last year, a severe vulnerability was identified in Symantec’s Scan Engine software.
Hoàng Dũng
