U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

Critical vulnerabilities open Symantec customers to remote hack

Symantec has fixed dozens of critical vulnerabilities affecting its solutions that can be exploited by remote attackers for arbitrary code execution. The popular Google Project Zero hacker Tavis Ormandy last month reported a number of critical security issues in Symantec solutions, and this is the good news. The bad news is that Symantec promptly fixed one […]

Critical vulnerabilities open Symantec customers to remote hack

Symantec has fixed dozens of critical vulnerabilities affecting its solutions that can be exploited by remote attackers for arbitrary code execution.

The popular Google Project Zero hacker Tavis Ormandy last month reported a number of critical security issues in Symantec solutions, and this is the good news. The bad news is that Symantec promptly fixed one of them requesting more time to solve the others due to their complexity.

This week Symantec published a security advisory to announce that all the vulnerabilities discovered by Ormandy have been resolved.

The list of flaws impacting 25 Symantec and Norton solutions includes buffer overflow (CVE-2016-2209 and CVE-2016-2210), memory corruption (CVE-2016-2211 and CVE-2016-3644), memory access violation (CVE-2016-2207 and CVE-2016-3646), and integer overflow (CVE-2016-3645) vulnerabilities.

According to Ormandy, the vulnerabilities resides in the “decomposer” component of the Symantec Antivirus Engine that was designed to “decomposer” library, and is used for extracting document metadata and embedded macros. In order to perform the operations it was designed for, the decomposer runs with system/root privileges.

“Today we’re publishing details of multiple critical vulnerabilities that we discovered, including many wormable remote code execution flaws. 

These vulnerabilities are as bad as it gets. They don’t require any user interaction, they affect the default configuration, and the software runs at the highest privilege levels possible. In certain cases on Windows, vulnerable code is even loaded into the kernel, resulting in remote kernel memory corruption.”  Ormandy wrote in a blog post.

Most of the vulnerabilities could be triggered remotely by simply tricking victims into open a specially crafted file or visit a bogus website.

Symantec Antivirus Engine flaws

Ormandy also highlighted the importance of vulnerability management for antivirus vendors.

The analysis he made on the Symantec decomposer allowed him to discover that the library was using code from open source libraries like libmspack and unrarsrc that the company hadn’t updated in at least 7 years.

“Nobody enjoys doing this, but it’s an integral part of secure software development. Symantec dropped the ball here. A quick look at the decomposer library shipped by Symantec showed that they were using code derived from open source libraries like libmspack and unrarsrc, but hadn’t updated them in at least 7 years.” wrote Ormandy.

The company published a security notice confirming the security vulnerabilities.

[adrotate banner=”9″]

Pierluigi Paganini

(Security Affairs – hacking  antivirus)