toggle

AAPL Stock: 100.89 ( -0.65 )

Printed from http://www.macnn.com

LiveUpdate vulnerability discovered

updated 04:50 pm EDT, Wed April 19, 2006

LiveUpdate vulnerability

Symantec has issued a bulletin regarding a local privilege escalation vulnerability in LiveUpdate for Macintosh. The company has released a patch to address the vulnerability, which is available via LiveUpdate. Risk impact is rated at "medium," with no known exploits publicly available. "Some components of Symantec's LiveUpdate for Macintosh do not set their execution path environment. A non-privileged user can change their execution path environment. If the user then executes one of these components, it will inherit the changed environment and use it to locate system commands. These components are configured to run with System Administrative privileges (SUID) and are vulnerable to a potential Trojan horse attack," Symantec wrote.




by MacNN Staff

POST TOOLS:

TAGS :

toggle

Comments

  1. Dr.Funkenstein

    Joined: Dec 1969

    0

    So...

    ...your "malware protection" software is more "malware" than "protection," eh?

  1. jonbwfc1

    Joined: Dec 1969

    0

    Huh?

    What's this? A Mac OS X system vulnerability and no Chicken Little style self serving press release from Symantec?

    Ah no, hold on...



  1. Dr.Funkenstein

    Joined: Dec 1969

    0

    The Onion

    couldn't have written a better story than this.

  1. Daude

    Joined: Dec 1969

    0

    I bet

    that Symantec has a huge group of specialists, all sitting in the Norton wing, writing code emulating bugs and virii. Only to be aware of them, mind.

  1. smitch

    Joined: Dec 1969

    0

    whistleblowin horntootin

    So.. the horntooter, looking for a reason to be, now is the whistleblower who heralds why we shouldn't give a care about them in the first place? Seems like this is all orchestrated to try to perpetuate fear... fear of a non-real threat now extended to a fear of a security hole? Sales gimmick more than likely. Why should we trust them in the first place if THEY are the security risk?

  1. Ilgaz

    Joined: Dec 1969

    0

    Only makes me sad

    I remember the excellent utilities coded by Peter Norton himself. He should sue them to take his name back from these "things".

    Another victim is Quarterdeck. People used windows will remember.

    It is like some mad cult just created to find excellent companies, products and buy them making them worst known products ever.

    Thanks for publicly warning their users though.

  1. testudo

    Joined: Dec 1969

    0

    Not a surprise

    Norton AV is one of the biggest over-bloated, resource hogging, system destablizing piece of software out there. You could barely go a 10.x.x release of OS X without hearing "stay away if you have NAV, as it will cause kernel panics and impregnate your daughter!"

    Why people put up with symantec is beyond me. They've abandoned the Mac platform completely, except for the one program they can get yearly payments from people for.

Login Here

Not a member of the MacNN forums? Register now for free.

toggle

Network Headlines

toggle

Most Popular

MacNN Sponsor

Recent Reviews

Epson PowerLite Home Cinema 2030 projector

With high-definition televisions now the standard, 4K televisions becoming the next big thing, and plasma TVs going the way of the din ...

Life n Soul 8 Driver Bluetooth headphones

When it comes to music on the go, consumers generally have some options to consider when looking for the best experience. While Blueto ...

Pure Jongo T2 wireless speaker

Multi-room audio compatibility is a key metric for wireless sound systems these days. The entry cost into a house-spanning system can ...

toggle

Most Commented