Symantec Corporation (NASDAQ:SYMC) is the latest firm to fall victim to a security flaw in its antivirus software, and the flaw affects multiple platforms.
Tavis Ormandy from Alphabet Inc (NASDAQ:GOOGL) discovered the flaw, which affects Apple Inc. (NASDAQ:AAPL) Mac devices, Windows from Microsoft Corporation (NASDAQ:MSFT) and computers running Linux. Ormandy found that executables packed with an early compression tool can trigger a memory buffer overflow that gives root access.
Vulnerability affects all platforms
The flaw is easy to exploit and can be used in malicious attacks. It can be triggered through PE files received via email or through application and document downloads. On Linux and OS X systems, the exploit causes a massive remote overflow as root in the Symantec security features. The exploit corrupts kernel memory as the scan engine is being loaded.
Symantec says the most common indicator that the flaw has been exploited is a system crash followed by a blue screen. Ormandy tried to warn Symantec of the vulnerability by sending mail to the company, and the message ended up crashing Symantec’s email server. The exploit is possible because the company uses a filter driver to analyze all system I/O. On Monday, the company released a patch to fix the flaw in its products. Symantec stated that all its products that run LiveUpdate would receive patches.
According to Ormandy, the affected antivirus products include Symantec Email Security, Norton Antivirus, Symantec Endpoint Antivirus and the Symantec Scan Engine. All of these security products were affected on all platforms, and there is a high likelihood that the exploit also affected other security products from Symantec. Ormandy has previously discovered security flaws in other antivirus products, such as those from AVG Technologies NV (NYSE:AVG), FireEye Inc (NASDAQ:FEYE), Avast, Malwarebytes, and Kaspersky. He has also discovered a few exploits in products offered by Microsoft Windows.