Users of Symantec and Norton products are being urged to update their software after a security researcher disclosed a serious vulnerability that can be exploited by hackers to gain complete control over computer systems.
Disclosed by Google Project Zero bug-hunter Tavis Ormandy, the cross-platform bug in Symantec's core product range can be used to attack Windows, Mac and Linux systems. As the flaw exists in the core scan engine, the "majority" of Symantec products are vulnerable, the researcher said. This includes Endpoint Antivirus, Norton Antivirus, Symantec Scan Engine and Symantec Email Security.
"This is a remote code execution vulnerability," Ormandy explained. "Because Symantec use a filter driver to intercept all system I/O [input/output], just emailing a file to a victim or sending them a link is enough to exploit it."
He added: "On Linux, Mac and other Unix platforms, this results in a remote heap overflow as root in the Symantec or Norton process. On Windows, this results in kernel memory corruption, as the scan engine is loaded into the kernel. This is about as bad as it can possibly get."
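To make concrete what "sufficiently malformed" means for a file parser that runs as root or inside the kernel, here is an added C illustration of the general bug class Ormandy describes (an unpacker that copies a section into a heap buffer using a length field read straight from the file) beside its bounds-checked form. This is not Symantec's code and does not reproduce the actual format or field involved in CVE-2016-2208; the header layout, the 64-byte section buffer and the sample inputs are all constructed for this example.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical, constructed format for illustration only (not the format
 * involved in CVE-2016-2208): a 4-byte little-endian section length
 * followed by that many bytes of section data, unpacked into a fixed
 * 64-byte heap buffer before scanning. */
#define SECTION_MAX 64

static uint32_t read_le32(const uint8_t *p)
{
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Vulnerable pattern: the length field is taken on trust. A value larger
 * than SECTION_MAX writes past the heap buffer; a value larger than the
 * remaining input also reads past the end of the file. Shown for contrast
 * only; nothing below calls it. */
size_t unpack_section_unchecked(const uint8_t *file, size_t file_len,
                                uint8_t *out /* SECTION_MAX bytes */)
{
    if (file_len < 4)
        return 0;
    uint32_t declared = read_le32(file);
    memcpy(out, file + 4, declared);   /* heap overflow when declared > 64 */
    return declared;
}

/* Hardened version: the declared length must fit both what is left of the
 * input and the destination buffer. Returns 0 on success, -1 on a
 * malformed header, and never writes outside out[0..out_len). */
int unpack_section_checked(const uint8_t *file, size_t file_len,
                           uint8_t *out, size_t out_len, size_t *copied)
{
    if (file_len < 4)
        return -1;
    uint32_t declared = read_le32(file);
    if (declared > file_len - 4)        /* would over-read the input */
        return -1;
    if (declared > out_len)             /* would overflow the heap buffer */
        return -1;
    memcpy(out, file + 4, declared);
    *copied = declared;
    return 0;
}

/* Runs the checked unpacker over one input; returns bytes copied, or -1
 * if the header was rejected. */
long unpack_result(const uint8_t *file, size_t file_len)
{
    uint8_t *out = malloc(SECTION_MAX);
    if (!out)
        return -1;
    size_t copied = 0;
    int rc = unpack_section_checked(file, file_len, out, SECTION_MAX, &copied);
    free(out);
    return rc == 0 ? (long)copied : -1;
}

/* Constructed sample inputs (not taken from any real file). */
static const uint8_t SAMPLE_OK[] = { 0x08, 0, 0, 0,
                                     'A', 'B', 'C', 'D', 'E', 'F', 'G', 'H' };
/* Declares 0x7fffffff bytes while carrying only four: the kind of
 * malformed header the unchecked copy would run off the end of. */
static const uint8_t SAMPLE_HUGE[] = { 0xff, 0xff, 0xff, 0x7f, 1, 2, 3, 4 };

long demo_ok(void)   { return unpack_result(SAMPLE_OK, sizeof SAMPLE_OK); }
long demo_huge(void) { return unpack_result(SAMPLE_HUGE, sizeof SAMPLE_HUGE); }

/* A length that fits the file but not the 64-byte buffer is still rejected. */
long demo_oversize(void)
{
    uint8_t file[4 + 100];
    memset(file, 0x41, sizeof file);
    file[0] = 100; file[1] = 0; file[2] = 0; file[3] = 0;
    return unpack_result(file, sizeof file);
}

int main(void)
{
    printf("benign header:         %ld bytes copied\n", demo_ok());   /* 8 */
    printf("huge declared length:  %ld\n", demo_huge());              /* -1 */
    printf("fits file, not buffer: %ld\n", demo_oversize());          /* -1 */
    return 0;
}
```

The two separate checks matter: validating the length only against the file size still lets a section that fits the file overflow the fixed heap buffer, and validating it only against the buffer still lets the copy read past the end of the input. In a scanner that sits on a filter driver, the file never has to be opened by the user; merely landing on disk or in a mail queue is enough for the parser to run on it.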
As is usual for Project Zero reports, the bug was subject to the team's 90-day disclosure deadline. For their part, Symantec responded quickly and developed a fix, which was officially released on 16 May 2016; the vulnerability itself is tracked as CVE-2016-2208. According to Symantec, products that run LiveUpdate should already have received the patch.
In its advisory, Symantec confirmed Ormandy's findings: "Files can be received through incoming email, downloading of a document or application, or by visiting a malicious web site," it admitted. "Sufficiently malformed, the code executed at the kernel-level with system/root privileges causing a memory access violation. The most common symptom of successful exploitation resulted in an immediate system crash."
All Symantec users are strongly advised to confirm that the relevant patch has been applied, and those running products that are not updated through LiveUpdate need to install it manually, to stay safe from hackers and cybercriminals who may seek to exploit this now-public flaw. Google Project Zero has built up a strong reputation in security circles by finding severe bugs in a range of widely used software, including offerings from Avast, FireEye, Malwarebytes, Trend Micro and Kaspersky.