troubleshooting/tutorials/security

04/19/2006, 4:50pm, EDT

Wednesday, April 19th

LiveUpdate vulnerability discovered

Symantec has issued a bulletin regarding a local privilege escalation vulnerability in LiveUpdate for Macintosh. The company has released a patch to address the vulnerability, which is available via LiveUpdate. Risk impact is rated at "medium," with no known exploits publicly available. "Some components of Symantec's LiveUpdate for Macintosh do not set their execution path environment. A non-privileged user can change their execution path environment. If the user then executes one of these components, it will inherit the changed environment and use it to locate system commands. These components are configured to run with System Administrative privileges (SUID) and are vulnerable to a potential Trojan horse attack," Symantec wrote.


Filed under: troubleshooting

, , 7comments, del.icio.us, slashdot, digg, buzz


7 comments
Reader Reactions (Please use <i></i> for italic text)

subscribe to comments
for this article




Expand All   Global Settings
So...
0
04/19, 5:16pm, EDT
...your "malware protection" software is more "malware" than "protection," eh?
Fresh-Faced Recruit
Joined Jan 2005
User is offline
Huh?
0
04/19, 5:16pm, EDT
What's this? A Mac OS X system vulnerability and no Chicken Little style self serving press release from Symantec?

Ah no, hold on...



Fresh-Faced Recruit
Joined Nov 2003
User is offline
The Onion
0
04/19, 5:17pm, EDT
couldn't have written a better story than this.
Fresh-Faced Recruit
Joined Jan 2005
User is offline
I bet
0
04/19, 5:50pm, EDT
that Symantec has a huge group of specialists, all sitting in the Norton wing, writing code emulating bugs and virii. Only to be aware of them, mind.
Fresh-Faced Recruit
Joined May 2005
User is offline
whistleblowin horntootin
0
04/19, 6:54pm, EDT
So.. the horntooter, looking for a reason to be, now is the whistleblower who heralds why we shouldn't give a care about them in the first place? Seems like this is all orchestrated to try to perpetuate fear... fear of a non-real threat now extended to a fear of a security hole? Sales gimmick more than likely. Why should we trust them in the first place if THEY are the security risk?
Fresh-Faced Recruit
Joined Nov 2005
User is offline
Only makes me sad
0
04/20, 5:49am, EDT
I remember the excellent utilities coded by Peter Norton himself. He should sue them to take his name back from these "things".

Another victim is Quarterdeck. People used windows will remember.

It is like some mad cult just created to find excellent companies, products and buy them making them worst known products ever.

Thanks for publicly warning their users though.
Registered User
Joined Nov 2004
User is offline
Not a surprise
0
04/20, 11:39am, EDT
Norton AV is one of the biggest over-bloated, resource hogging, system destablizing piece of software out there. You could barely go a 10.x.x release of OS X without hearing "stay away if you have NAV, as it will cause kernel panics and impregnate your daughter!"

Why people put up with symantec is beyond me. They've abandoned the Mac platform completely, except for the one program they can get yearly payments from people for.
Fresh-Faced Recruit
Joined Aug 2001
User is offline
Your Comments

In order to post comments: If you are a registered member, please login with your MacNN Forums username and password otherwise please uncheck the checkbox below.


Registered Member?
macnn forums login:

macnn forums password:

Not a member of the MacNN forums? Register now for free.

RSS Feeds

Have the latest content delivered to your desktop via RSS. Use the links below to get access to a specific blog, news, or reviews feed.



  MacNN -all

  MacNN Reviews

  MacNN Podcasts

  iPodNN

  Electronista

  Left Lane News
Want To Sell Your Laptop? Any Condition - receive Top Cash. Get an instant quote. Free shipping www.CashForLaptops.com
Buy from The Apple Store, iTunes.com, Amazon.com, TechDepot, OfficeDepot, Computers4Sure, or donate.