Gaping security hole found in Norton antivirus engine

Affects Symantec security products across the board

It seems there's a major hole in the core Symantec antivirus engine which is used across the company's main security products including the Norton range, although the firm has (unsurprisingly) moved quickly to address this issue.

The flaw was discovered by renowned white hat security expert Tavis Ormandy (who is part of Google's Project Zero team), with the AV engine being susceptible to a crafted and malformed portable-executable (PE) header file, capable of causing a buffer overflow.

Such a file could potentially be delivered via an email attachment or a malicious website, and successful exploitation will result in a Blue Screen of Death system crash.

As bad as it gets

On OS X and Linux machines, the attacker can gain root access via a remote heap overflow, and as for Microsoft's operating system, Ormandy notes: "On Windows, this results in kernel memory corruption, as the scan engine is loaded into the kernel (wtf!!!), making this a remote ring0 memory corruption vulnerability – this is about as bad as it can possibly get."

As mentioned, Symantec has been quick to react, with software already being patched via LiveUpdate. If LiveUpdate has run recently on your machine(s), you should have the fix.

If you're not sure whether your security product has been updated, then you can manually fire up LiveUpdate to download the patched engine. Simply navigate to LiveUpdate in the interface, and run it until all available updates are installed.

Make sure you're covered, though, as this is a nasty little glitch.

Ormandy has been responsible for finding a number of vulnerabilities across all manner of security products, including the likes of Trend Micro, Sophos and Malwarebytes.

Via: The Register