Your IT Consultant
Information Technology Blog
by John W. Simek, Vice President of Sensei Enterprises, Inc.
More Serious Bugs Revealed in Symantec/Norton Products Again
June 30, 2016
It is not a good time to be using Symantec security products. Symantec has issued an advisory, which lists high-severity vulnerabilities in seventeen enterprise products and eight Norton consumer products. The vulnerabilities were reported by Tavis Ormandy, a researcher with Google's Project Zero. The biggest problem is a flaw in the way that Symantec unpacks compressed code. Apparently, Symantec runs the unpackers directly in the operating system kernel, which means any errors can allow an attacker to gain complete control over the system. Hasn't Symantec heard about something called a "sandbox" that can be used to isolate untrusted code from the operating system?
In most cases, the updates will automatically be delivered to your computer. However, it's probably a good idea to check out the advisory to see if any of the fixes have to be manually installed.
E-mail: Phone: 703.359.0700
Digital Forensics/Information Security/Information Technology
http://www.linkedin.com/in/johnsimek
http://www.senseient.com