Yes, the well-known Symantec: Tavis Ormandy is a member of Google's Project Zero team. The researcher has recently discovered vulnerabilities in the software of leading security companies, and it seems Symantec's time has come.
So according to the researcher, the vulnerabilities he discovered affect a large number of Symantec products, and cannot be fixed through automatic updates.
Ormandy says in a Google blog post: "(vulnerabilities) do not require any user interaction, and can affect the default configuration even of software running at the highest privilege levels. In some cases in Windows, the vulnerable code can also be loaded into the kernel, destroying the kernel memory."
The vulnerable code referred to by Ormandy is part of ASPack, the commercial packing software used by Symantec to pack the software that analyzes files and scans for malware.
Ormandy reports that Symantec's error is that this component runs in the kernel of the operating system with the highest privileges available. So the vulnerability gives the attacker a golden ticket to complete control of the system.
In addition to this main issue, which has been registered as CVE-2016-2208, the researcher also claims to have found multiple buffer overflows and memory corruption issues.
The researcher also discovered that Symantec had been using open source libraries in its products, such as libmspack and unrarsrc, but had forgotten to update them for the last seven years. An attacker would only need to find the right tool, freely available on the Internet, to breach any system running Symantec products.
Some of these issues are insignificant, according to Ormandy, who states that some others do not require user interaction, and that some of them are wormable. But all of them are able to spread from the infected device to other nearby devices.
The list of affected products includes: all Norton products, Endpoint Protection, Email Security, Protection Engine, Protection for SharePoint Servers, and more.
In all cases, the vulnerabilities are cross-platform. The company, however, is said to have released patches for all affected products.
In May, Ormandy helped Symantec close another security hole in one of its products. Besides Symantec, the same researcher has found bugs in the software of other major security companies, such as FireEye, ESET, Kaspersky, Bromium, Trend Micro, Comodo, Malwarebytes, Avast, and AVG.