NAV security patch

Symantec said it was readying a patch for the security flaw in virtually all versions of its anti-virus software--including Mac OS X--that could allow users to take control of the machine via the internet. PC World provided : "To create a heap overflow, a malicious hacker sends large amounts of data that overwhelm a buffer, an area used for temporary data storage. This attack, similar to a buffer overflow, lets attackers overwrite portions of a system's memory in order to run their own malicious code. Symantec users are vulnerable to the attack when their antivirus software scans the RAR files for viruses or worms, Wheeler wrote. The attack can be launched via e-mail without the user having to open the message or click on an attachment, he said." While the company has not released a patch for its software, it has releassed a patch that will detect exploits designed to compromise systems using this vulnerability. Users can also turn off the scanning of RAR files to secure their systems.

by MacNN Staff