Tavis Ormandy, is perhaps the department's best-known security researcher Project Zero of Google, as it has occasionally discovered vulnerabilities in very famous products and services. This time the researcher discovered and helped Symantec fix a serious security issue affecting the Antivirus Engine, the core of many of the company's security products.
Ormandy explains that in some cases, when a certain type of data reaches the Symantec Antivirus Engine (SAE), the product handles these files in an unsafe way leading to a buffer overflow.
"When parsing executables are packaged from an early version of aspack, a buffer overflow can occur in the Symantec Antivirus core engine used in most Symantec and Norton", says Ormandy.
So the vulnerability CVE-2016-2208 affects almost all Symantec products, including Symantec Endpoint Antivirus, Norton Antivirus, Symantec Scan Engine, and Symantec Email Security.
Ormandy argues that, theoretically at least, the error should affect any other product Symantec has developed with the SAE.
The researcher uncovered the problem with the security company, and she released a patch that all customers need to download and install.