IoT
News
News
5/30/2006
12:58 PM
50%
50%

Symantec Patches Flaw In Five Days

A stack overflow in several products, including its anti-virus family, was fully patched as of Sunday, according to an updated advisory on Symantec's Web site.

Symantec finished patching its buggy anti-virus line Sunday, just days after another security vendor said that machines running Symantec's enterprise products could be easily hijacked.

A stack overflow in the Cupertino, Calif. security company's Client Security 3.0 and 3.1, and its AntiVirus Corporate Edition 10.0 and 10.1, were fully patched as of Sunday, according to an updated advisory on Symantec's Web site. The fixes must be downloaded and installed manually.

Early Friday, Symantec confirmed that the two corporate anti-virus titles were flawed, and said it was working on a fix. Later that day, the company posted signature updates to its intrusion prevention system (IPS) appliances to protect those customers with the hardware on their networks.

The bug was discovered by Aliso Viejo, Calif.-based eEye Digital Security, which on Wednesday disclosed the vulnerability. eEye rated it as a "high" threat because it could be exploited by a worm that didn't require any user interaction.

As expected, Symantec's patch job was remarkably quick. Last week, eEye Digital spokesman Mike Puterbaugh said he was counting on Symantec to fix the flaw fast. "Symantec will fix this fairly quickly," said Puterbaugh. "Certainly a lot faster than the 140+ day average it takes Microsoft to fix a vulnerability."

Symantec's consumer-grade anti-virus family, which is sold under the Norton nameplate, was not vulnerable to the bug.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Register for InformationWeek Newsletters
White Papers
Current Issue
Top IT Trends to Watch in Financial Services
IT pros at banks, investment houses, insurance companies, and other financial services organizations are focused on a range of issues, from peer-to-peer lending to cybersecurity to performance, agility, and compliance. It all matters.
Video
Slideshows
Twitter Feed
InformationWeek Radio
Archived InformationWeek Radio
Join us for a roundup of the top stories on InformationWeek.com for the week of July 17, 2016. We'll be talking with the InformationWeek.com editors and correspondents who brought you the top stories of the week to get the "story behind the story."
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.