Software Integrity Blog


Vulnerabilities hit anti-malware software solutions

A Google researcher has disclosed a number of very serious vulnerabilities in Symantec and Norton anti-malware products.

“These vulnerabilities are as bad as it gets,” wrote Google’s Project Zero researcher Tavis Ormandy. “They don’t require any user interaction, they affect the default configuration, and the software runs at the highest privilege levels possible. In certain cases on Windows, vulnerable code is even loaded into the kernel, resulting in remote kernel memory corruption.”

His blog enumerates the most serious of the vulnerabilities in great detail.

On Tuesday Symantec listed 17 Symantec enterprise products and eight Norton consumer and small business products being affected in its own advisory. The company recommended users apply the patches dated June 28 or later. In general, if you use Symantec or Norton products, you should update them as soon as possible.

In May, Ormandy discovered a serious vulnerability in Symantec’s AV engine. And previously he has reported flaws in other anti-malware products such as Trend Micro, in Kaspersky Lab, FireEye, and Sophos antimalware products. In 2011, the Ormandy presented his findings against Sophos in a talk at Black Hat, saying “[Antivirus firms’ marketing materials] are high level double speak. They make up Hollywood-sounding names, but there’s little technical substance.”

In the current instance, Ormandy concludes “as well as the vulnerabilities we described in detail here, we also found a collection of other stack buffer overflows, memory corruption and more” in the Symantec products.


More by this author