
Flaw found in antivirus software

Update: Report says corporate customers of Symantec's antivirus software are at risk of a cyber attack. Symantec says no reports of casualties yet; releases updates to affected products.
Written by Vivian Yeo, Contributor

A vulnerability has been found in Symantec's antivirus software that, a report claims, can affect corporate users worldwide simply by having the application installed on their machines. Symantec has since released its fixes.

In an advisory dated May 24 on eEye Digital Security's Web site, the security vendor says it has identified vulnerabilities in Symantec Antivirus 10.x and Symantec Client Security 3.x. Other products could also be potentially affected, eEye added.

According to eEye's advisory, the flaw "does not require any end-user interaction for exploitation and can compromise affected systems, allowing for the execution of malicious code with system-level access". The company has issued a high-risk rating, which it commonly uses for vulnerabilities that can be exploited remotely.

On Saturday, Symantec released updates on its Web site for Symantec Client Security 3.0 and 3.1 and for Symantec Antivirus Corporate Edition 10.0 and 10.1.

Its online advisory indicated a "high" impact tied to the vulnerability. Symantec noted that if successfully exploited, the flaw "could potentially cause a system crash, or allow a remote or local attacker to execute arbitrary code with system level rights on the affected system".

The vulnerability does not affect Norton-branded products, the vendor's line of consumer products.

When contacted by ZDNet Asia, a spokesperson from Symantec's Singapore office said the company is "working on providing prompt mitigation solutions for any confirmed issues".

Symantec "has not had any reports of any related exploits of this suspected vulnerability", the spokesperson added, but declined to disclose the number of customers the company has in the Asia-Pacific region.
