Google finds 25 vulnerabilities on security tools from Symantec and Norton
The Project Zero division of Google announced the presence of 25 security vulnerabilities within Symantec and Norton.
The Project Zero security division of Google is always alert and in the last round of vulnerabilities discovered has slapped Symantec and Norton for a number of bugs that can expose millions of consumers and businesses to self-replicating attacks in which an attacker can take remote control of infected systems. This was revealed was the security researcher Tavis Ormandy in a blog post of Project Zero.
” These vulnerabilities do not require special user interaction, ” says Ormandy. ” Affect the software with the default configuration, it can operate well with the highest possible permissions. In some instances, in the Windows environment, the vulnerable code is also loaded into the kernel, resulting in corruption of the remote kernel memory “. The post is published shortly after Symantec released its own documentation where they were listed, and 17 proprietary products and 8 of Norton among those containing the vulnerabilities described.
Ormandy has warned that the exploit of the flaw is particularly easy to do, allowing the vulnerability to spread virally from machine to machine on a target network, and potentially also through the Internet: ” Given that Symantec uses a filter driver to intercept all calls I/O system, just send an email to a victim, or send them a link to the exploit is enough to unleash it “, continues Ormandy.
” The victim does not even need to open the file or interact with it in any way. Since no interaction to exploit, the vulnerability is not necessary can have potentially been devastating consequences for Norton and Symantec customers. ” Particularly susceptible to the vulnerability enterprise networks, which may also be heavily affected if the exploit is able to spread through the network of connected computers.
The bugs reside inside of Engine that products used to decompress the tools that malware developers use to hide malicious code. The engine analyzes the code contained in the file before, it is downloaded or executed but, as those used by Symantec are performed directly in the operating system kernel, errors can guarantee total control of the machine on the potentially infected machine.
Ormandy claims that a better approach would be to run these software within the secure sandbox, thus isolating the untrusted code from sensitive parts of the operating system. The researcher has developed several proof-of-concept of the discovered vulnerabilities: one of these exposes the engine decompression in size data are difficult to calculate, the value of which is rounded incorrectly causing a buffer overflow. Other types of vulnerabilities discovered can be found here.
The announcement of Project Zero is the latest to point out that security vulnerabilities and bugs are also present on designed to protect software. Sure, it may seem a paradox, but it is possible that the various security software have flaws that make it even remotely possible attacks, and that of the Symantec and Norton software is not that only the last event among those successes in recent years.
The companies released few updates last Tuesday that is automatically installed, while on some corporate installations require manual intervention of administrators.