When it comes to security holes, there are a few things that you don’t want to create security holes. One of these things is your anti-virus software and yet, Symantec’s antivirus engine did just that.
The vulnerability was discovered by Google’s Travis Ormandy, and not only did it open up systems to problems but it did so on Linux, Mac and Windows computers all at the same time. The issue comes from a compression tool that allowed root-level access over systems or on Windows systems compromises the kernel, something you never want happening without your explicit permission.
The security breach can be triggered by anything from a web link in an email to sending a ZIP file that the anti-virus starts checking to trigger the problem. While a huge problem, Symantec is looking to fix it now with a patch already in place for antivirus suites using the LiveUpdate system. The problem you may face though is bigger if you use the software at a company or group that doesn’t use real-time updates.
Once the patch goes live, it’s recommended that any group using Symantec’s antivirus software checks they’ve got a the latest version. While it’s not known to be in use yet, typically a vulnerability of this scale doesn’t stay unused for long.
