Sophos Is Latest Anti-Virus Vendor With Vulnerabilities
A bug in Sophos' anti-virus software can be exploited by attackers to gain complete control of a compromised computer, the bug tracker firm Secunia said on Thursday. Patches are not yet available for all the affected editions.
The vulnerability, rated "highly critical" by bug tracker Secunia, can be exploited to create a heap-based buffer overflow. The attacks that cause the most damage tend to originate with a buffer overflow, which lets experienced attackers completely compromise a system and then introduce their own code, delete files, or purge users.
Sophos has fixed the flaw in Sophos Anti-Virus 3.96.0 for Windows, Unix, NetWare, OS/2, and OpenVMS. It's also been corrected in all versions of Sophos Anti-Virus 4.5.4.
The Windows editions of Sophos Anti-Virus Small Business Edition should be patched by Friday, July 29, Sophos said in a support notice. The rest of its Anti-Virus line-up should be fixed in the next two weeks, the company added.
Sophos credited Alex Wheeler, an independent security researcher, with the discovery. Wheeler and Neel Mehta of Internet Security Systems have been digging into anti-virus products since February. They presented their findings at this week's Black Hat security conference in Las Vegas.