Security researchers from Google’s Project Zero division have identified several serious vulnerabilities in home and enterprise security software from Symantec.
These vulnerabilities can be exploited without any action from the user and allow an attacker to remotely execute malicious code or corrupt the user’s system.
The vulnerabilities affect all of the products on Symantec’s security and anti-virus platform for Windows, Mac and Linux operating systems, including:
- Norton Security, Norton 360, and other legacy Norton products (all platforms)
- Symantec Endpoint Protection (all versions, all platforms)
- Symantec Email Security (all platforms)
- Symantec Protection Engine (all platforms)
- Symantec Protection for SharePoint Servers
The flaws are in part due to the software architecture and in part due to the use of outdated open-source code libraries. Symantec has already released patches, so all Symantec and Norton users are advised to update their product either by running Live Update or download the fixes from Symantec.