Symantec Critical Flaw Discovered – Hackers Can Take Control of Your Computer

By | May 18, 2016


Security researchers have disclosed a critical security flaw in the well-known Symantec antivirus software.

Symantec Corporation has asked users of Symantec and Norton products to update their software. According to the company, a security researcher disclosed a serious vulnerability that can be exploited by hackers to gain complete control over computer systems.

The issue was disclosed by Google Project Zero bug hunter Tavis Ormandy. The cross-platform bug in Symantec’s core product range can be used to attack Windows, Mac and Linux systems.

According to the security researchers:

This critical security flaw exists in the core scan engine. Most Symantec products use the same scanning engine, so the “majority” of Symantec products are vulnerable.

The vulnerability may exist in:

  • Endpoint Antivirus (All Platforms)
  • Norton Antivirus (All Platforms)
  • Symantec Scan Engine (All Platforms)
  • Symantec Email Security (All Platforms)

Execution of Vulnerability

This is a remote code execution vulnerability. Because Symantec uses a filter driver to intercept all system I/O, just emailing a file to a victim or sending them a link is enough to exploit it.

On Windows with Symantec Endpoint Antivirus, this vulnerability permits code execution as NT AUTHORITY\SYSTEM in the ccSvcHost.exe process. On Norton Antivirus for Windows, this code is loaded into the kernel and results in kernel pool corruption.

When parsing executables packed by an early version of aspack, a buffer overflow can occur in the core Symantec Antivirus Engine used in most Symantec and Norton branded Antivirus products. The problem occurs when section data is truncated, that is, when SizeOfRawData is greater than SizeOfImage.

On Linux, Mac and other UNIX platforms, this results in a remote heap overflow as root in the Symantec or Norton process. On Windows, this results in kernel memory corruption, as the scan engine is loaded into the kernel, making this a remote ring0 memory corruption vulnerability – this is about as bad as it can possibly get.
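The header relationship described above (a section whose SizeOfRawData is greater than the image's SizeOfImage) can be checked on files held at a mail gateway or quarantine before they reach a scanner. The following is an added triage example, not code from Symantec or Project Zero; the function names and the header-only sample are constructed for illustration, and a match only marks an anomalous header, not a confirmed exploit.

```python
import struct

class PEFormatError(ValueError):
    """Raised when the buffer is not a parseable PE image."""

def _unpack(fmt, data, off):
    # Bounds-checked read: never trust an offset taken from the file itself.
    if off < 0 or off + struct.calcsize(fmt) > len(data):
        raise PEFormatError(f"read at {off:#x} is outside the file")
    return struct.unpack_from(fmt, data, off)

def oversized_sections(data):
    """Return [(name, SizeOfRawData, SizeOfImage)] for sections whose raw size exceeds the image size."""
    if data[:2] != b"MZ":
        raise PEFormatError("missing MZ signature")
    (e_lfanew,) = _unpack("<I", data, 0x3C)
    if _unpack("<4s", data, e_lfanew)[0] != b"PE\0\0":
        raise PEFormatError("missing PE signature")
    coff = e_lfanew + 4
    _, nsections, _, _, _, opt_size, _ = _unpack("<HHIIIHH", data, coff)
    opt = coff + 20
    if opt_size < 60:
        raise PEFormatError("optional header too small to hold SizeOfImage")
    (size_of_image,) = _unpack("<I", data, opt + 56)  # same offset in PE32 and PE32+
    findings = []
    for i in range(nsections):
        sec = opt + opt_size + 40 * i                 # section headers are 40 bytes each
        name, _vsize, _vaddr, raw_size, _raw_ptr = _unpack("<8sIIII", data, sec)
        if raw_size > size_of_image:
            findings.append((name.rstrip(b"\0").decode("latin-1"), raw_size, size_of_image))
    return findings

def build_sample(raw_size, size_of_image=0x3000):
    """Constructed header-only sample (no code, no section data) used to exercise the check."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 0xE0, 0x102)
    opt = bytearray(0xE0)
    struct.pack_into("<H", opt, 0, 0x10B)             # PE32 magic
    struct.pack_into("<I", opt, 56, size_of_image)    # SizeOfImage
    sec = struct.pack("<8sIIII", b".text", 0x1000, 0x1000, raw_size, 0x200) + b"\0" * 16
    return dos + b"PE\0\0" + coff + bytes(opt) + sec

if __name__ == "__main__":
    print(oversized_sections(build_sample(0x4000)))
```

Files that raise `PEFormatError` are truncated or malformed and are worth holding for review as well, since the check could not read their headers.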


All Symantec users are strongly advised to download the relevant patch to stay safe from hackers and cybercriminals who may seek to exploit this now-public flaw.
