Quick Hits

US-CERT Issues Alert Over Severe Security Bugs In Symantec, Norton Products

Newly discovered--and now patched--flaws in popular security software raises alarm.

US-CERT this week warned users to immediately patch their Symantec and Norton antivirus software in the wake of revelations of severe vulnerabilities that could allow an attacker to remotely control victim machines.

The vulnerabilities, which were uncovered by Google's Tavis Ormandy, affect some 24 products in Windows, OS X, and Linux environments. 

"A remote, unauthenticated attacker may be able to run arbitrary code at root or SYSTEM privileges by taking advantage of these vulnerabilities. Some of the vulnerabilities require no user interaction and are network-aware, which could result in a wormable-event," US-CERT said in its advisory.

Symantec has issued patches and hotfixes to the security bugs, and US-CERT is calling for organizations to patch "immediately."

See the US-CERT advisory here, and the Symantec advisory and security update here