
Flaws in Symantec/Norton products ‘as bad as it gets’

Researchers at Google’s Project Zero team have uncovered what they say are a series of critical vulnerabilities in Symantec’s anti-virus products that are “as bad as it gets”, claiming the company really “dropped the ball.”

The flaws were found in Symantec’s core engine, which is shared across a range of Symantec and Norton security products, including Norton Security, Symantec Endpoint Protection, Symantec Email Security, Symantec Protection Engine, and Symantec Protection for SharePoint Servers.

Symantec products across all platforms are said to be affected.

Harsh Criticism

“Today we’re publishing details of multiple critical vulnerabilities that we discovered, including many remote code execution flaws,” said Project Zero’s Tavis Ormandy. “These vulnerabilities are as bad as it gets.

“They don’t require any user interaction, they affect the default configuration, and the software runs at the highest privilege levels possible. In certain cases on Windows, vulnerable code is even loaded into the kernel, resulting in remote kernel memory corruption.”

He also warned that, because some of the affected programs cannot be automatically updated, system administrators must take immediate action to protect their networks. Symantec, meanwhile, says it has fixed the flaws and has published advisories for its customers.

Ormandy said the vendor had “cut corners” when it decided to use unpackers in the kernel. And he slated Symantec for failing to conduct vulnerability management.

“Symantec dropped the ball here. A quick look at the decomposer library shipped by Symantec showed that they were using code derived from open source libraries like libmspack and unrarsrc, but hadn’t updated them in at least seven years.”

He said: “Dozens of public vulnerabilities in these libraries affected Symantec, some with public exploits. We sent Symantec some examples, and they verified they had fallen behind on releases.”

Antony Savvas

York, UK-based Antony Savvas has been a technology journalist for 25 years and has expertise in all major areas of enterprise and consumer IT. He has worked for a number of leading technology magazines and websites and his work is syndicated across the internet. He also undertakes corporate work for some of the world's leading technology companies.
