Security Software From AVG, Symantec and McAfee Open To Hackers

HardOCP News

[H] News
Joined
Dec 31, 1969
Messages
0
According to researchers, flawed uses of code hooking has introduced vulnerabilities that hackers can exploit in as many as fifteen products including those from big names like Symantec, McAfee and AVG.

Researchers from data exfiltration prevention company enSilo found six common security issues affecting over 15 products when they studied how software vendors use ‘hooking’ to inject code into a process in order to intercept, monitor or modify the potentially sensitive system API (application programming interface) calls made by that process. Most of the flaws enSilo found allow attackers to easily bypass the anti-exploit mitigations available in Windows or third-party applications, allowing attackers to exploit vulnerabilities that they couldn’t otherwise or whose exploitation would have been difficult.
 

Darunion

2[H]4U
Joined
Oct 6, 2010
Messages
3,952
Hmm and it being massively publicized both causes these companies to get pressure to fix it and also now makes more people with bad intents aware of this.
 

steakman1971

2[H]4U
Joined
Nov 22, 2005
Messages
2,433
I have a wife and 2 kids that are not safe computer users. I picked Symantec's software - just great to read news like this. I've also restricted their access on the systems they use.
Any suggestions to help control our users?
 
Top