LiveUpdate vulnerability discovered
updated 04:50 pm EDT, Wed April 19, 2006
LiveUpdate vulnerability
Symantec has issued a bulletin regarding a local privilege escalation vulnerability in LiveUpdate for Macintosh. The company has released a patch to address the vulnerability, which is available via LiveUpdate. Risk impact is rated at "medium," with no known exploits publicly available. "Some components of Symantec's LiveUpdate for Macintosh do not set their execution path environment. A non-privileged user can change their execution path environment. If the user then executes one of these components, it will inherit the changed environment and use it to locate system commands. These components are configured to run with System Administrative privileges (SUID) and are vulnerable to a potential Trojan horse attack," Symantec wrote.



Fresh-Faced Recruit
Joined: Jan 2005
So...
...your "malware protection" software is more "malware" than "protection," eh?