US-CERT Issues Alert Over Severe Security Bugs In Symantec, Norton Products

Newly discovered--and now patched--flaws in popular security software raises alarm.

Dark Reading Staff, Dark Reading

July 6, 2016

1 Min Read

US-CERT this week warned users to immediately patch their Symantec and Norton antivirus software in the wake of revelations of severe vulnerabilities that could allow an attacker to remotely control victim machines.

The vulnerabilities, which were uncovered by Google's Tavis Ormandy, affect some 24 products in Windows, OS X, and Linux environments. 

"A remote, unauthenticated attacker may be able to run arbitrary code at root or SYSTEM privileges by taking advantage of these vulnerabilities. Some of the vulnerabilities require no user interaction and are network-aware, which could result in a wormable-event," US-CERT said in its advisory.

Symantec has issued patches and hotfixes to the security bugs, and US-CERT is calling for organizations to patch "immediately."

See the US-CERT advisory here, and the Symantec advisory and security update here

About the Author(s)

Dark Reading Staff

Dark Reading

Dark Reading is a leading cybersecurity media site.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like


More Insights