The U.S. Department of Homeland Security issued a public warning that Symantec's popular security tools have many critical flaws that could let hackers into computers.
“Symantec and Norton branded antivirus products contain multiple vulnerabilities. Some of these products are in widespread use throughout government and industry. Exploitation of these vulnerabilities could allow a remote attacker to take control of an affected system,” DHS officials said in the alert published through the United States Computer Emergency Readiness Team.
The weaknesses, according to the alert, affect 24 security products, including Symantec Endpoint Protection, Symantec Email Security, Norton Security, and Symantec Protection for SharePoint Servers.
“The large number of products affected, across multiple platforms (OSX, Windows, and Linux), and the severity of these vulnerabilities (remote code execution at root or system privilege) make this a very serious event. A remote, unauthenticated attacker may be able to run arbitrary code at root or system privileges by taking advantage of these vulnerabilities,” the DHS alert said.
The alert explained that Symantec antivirus products use common unpackers to extract malware binaries when scanning a system. A heap overflow vulnerability in the ASPack unpacker could allow an unauthenticated remote attacker to gain root privileges on Linux or OSX platforms. The flaw could be triggered remotely by a malicious file sent via email, with no user interaction.
DHS also provided a link to a Google researcher’s depiction of the situation. “These vulnerabilities are as bad as it gets. They don’t require any user interaction, they affect the default configuration, and the software runs at the highest privilege levels possible,” Tavis Ormandy, of Google’s Project Zero team, wrote in a company blog post June 28.
Google’s Ormandy reported the security flaws to Symantec and helped devise fixes, according to the antivirus company. Symantec has provided patches or hotfixes for these vulnerabilities.
CERT recommended users and system administrators fix their Symantec programs immediately. Some products do not update automatically and require administrators to take manual action on their networks.