toggle

AAPL Stock: 431.77 ( -0.23 )

http://www.macnn.com/articles/06/04/19/liveupdate.vulnerability/

LiveUpdate vulnerability discovered

updated 04:50 pm EDT, Wed April 19, 2006

 

LiveUpdate vulnerability


Symantec has issued a bulletin regarding a local privilege escalation vulnerability in LiveUpdate for Macintosh. The company has released a patch to address the vulnerability, which is available via LiveUpdate. Risk impact is rated at "medium," with no known exploits publicly available. "Some components of Symantec's LiveUpdate for Macintosh do not set their execution path environment. A non-privileged user can change their execution path environment. If the user then executes one of these components, it will inherit the changed environment and use it to locate system commands. These components are configured to run with System Administrative privileges (SUID) and are vulnerable to a potential Trojan horse attack," Symantec wrote.


by MacNN Staff

Post tools:

TAGS :

 troubleshooting

Related Articles

Recent Articles

toggle

Comments

  1. Dr.Funkenstein

    Fresh-Faced Recruit

    Joined: Jan 2005

    0
    04/19, 05:16pm | report spam | Reply |

    So...

    ...your "malware protection" software is more "malware" than "protection," eh?

  1. jonbwfc1

    Fresh-Faced Recruit

    Joined: Nov 2003

    0
    04/19, 05:16pm | report spam | Reply |

    Huh?

    What's this? A Mac OS X system vulnerability and no Chicken Little style self serving press release from Symantec?

    Ah no, hold on...



  1. Dr.Funkenstein

    Fresh-Faced Recruit

    Joined: Jan 2005

    0
    04/19, 05:17pm | report spam | Reply |

    The Onion

    couldn't have written a better story than this.

  1. Daude

    Fresh-Faced Recruit

    Joined: May 2005

    0
    04/19, 05:50pm | report spam | Reply |

    I bet

    that Symantec has a huge group of specialists, all sitting in the Norton wing, writing code emulating bugs and virii. Only to be aware of them, mind.

  1. smitch

    Fresh-Faced Recruit

    Joined: Nov 2005

    0
    04/19, 06:54pm | report spam | Reply |

    whistleblowin horntootin

    So.. the horntooter, looking for a reason to be, now is the whistleblower who heralds why we shouldn't give a care about them in the first place? Seems like this is all orchestrated to try to perpetuate fear... fear of a non-real threat now extended to a fear of a security hole? Sales gimmick more than likely. Why should we trust them in the first place if THEY are the security risk?

  1. Ilgaz

    Registered User

    Joined: Nov 2004

    0
    04/20, 05:49am | report spam | Reply |

    Only makes me sad

    I remember the excellent utilities coded by Peter Norton himself. He should sue them to take his name back from these "things".

    Another victim is Quarterdeck. People used windows will remember.

    It is like some mad cult just created to find excellent companies, products and buy them making them worst known products ever.

    Thanks for publicly warning their users though.

  1. testudo

    Forum Regular

    Joined: Aug 2001

    0
    04/20, 11:39am | report spam | Reply |

    Not a surprise

    Norton AV is one of the biggest over-bloated, resource hogging, system destablizing piece of software out there. You could barely go a 10.x.x release of OS X without hearing "stay away if you have NAV, as it will cause kernel panics and impregnate your daughter!"

    Why people put up with symantec is beyond me. They've abandoned the Mac platform completely, except for the one program they can get yearly payments from people for.

Login Here

Not a member of the MacNN forums? Register now for free.

 
close
Photo
toggle

Network Headlines

toggle

Most Popular

MacNN Sponsor

Recent Reviews

Logitech FabricSkin Keyboard Folio for iPad

Since the fourth-generation iPad didn't evolve much over its predecessor, the market for iPad accessories has remained somewhat static ...

Huawei Ascend Mate

The Huawei Ascend Mate is a phone that fits the screen-size gap between the 4 to 5-inch smartphone and the seven-inch or more tablet, ...

MaxUpgrades MaxConnect for 2006-2008 Mac Pro

Nobody outside of Cupertino's privileged bunch knows the future of the Mac Pro line for sure. Despite Apple's reluctance to tell us wh ...

toggle

Most Commented

 

Popular News