04/19/2006, 4:50pm, EDT

Wednesday, April 19th

LiveUpdate vulnerability discovered

Symantec has issued a bulletin regarding a local privilege escalation vulnerability in LiveUpdate for Macintosh. The company has released a patch to address the vulnerability, which is available via LiveUpdate. Risk impact is rated at "medium," with no known exploits publicly available. "Some components of Symantec's LiveUpdate for Macintosh do not set their execution path environment. A non-privileged user can change their execution path environment. If the user then executes one of these components, it will inherit the changed environment and use it to locate system commands. These components are configured to run with System Administrative privileges (SUID) and are vulnerable to a potential Trojan horse attack," Symantec wrote.

Filed under: troubleshooting

, 7

7 comments

Reader Reactions (Please use <i></i> for italic text)

subscribe to comments
for this article

Expand All

Global Settings

Dr.Funkenstein

So...

04/19, 5:16pm, EDT

...your "malware protection" software is more "malware" than "protection," eh?

Fresh-Faced Recruit

Joined Jan 2005

User is offline

jonbwfc1

Huh?

04/19, 5:16pm, EDT

What's this? A Mac OS X system vulnerability and no Chicken Little style self serving press release from Symantec?

Ah no, hold on...

Fresh-Faced Recruit

Joined Nov 2003

User is offline

Dr.Funkenstein

The Onion

04/19, 5:17pm, EDT

couldn't have written a better story than this.

Fresh-Faced Recruit

Joined Jan 2005

User is offline

Daude

I bet

04/19, 5:50pm, EDT

that Symantec has a huge group of specialists, all sitting in the Norton wing, writing code emulating bugs and virii. Only to be aware of them, mind.

Fresh-Faced Recruit

Joined May 2005

User is offline

smitch

whistleblowin horntootin

04/19, 6:54pm, EDT

So.. the horntooter, looking for a reason to be, now is the whistleblower who heralds why we shouldn't give a care about them in the first place? Seems like this is all orchestrated to try to perpetuate fear... fear of a non-real threat now extended to a fear of a security hole? Sales gimmick more than likely. Why should we trust them in the first place if THEY are the security risk?

Fresh-Faced Recruit

Joined Nov 2005

User is offline

Ilgaz

Only makes me sad

04/20, 5:49am, EDT

I remember the excellent utilities coded by Peter Norton himself. He should sue them to take his name back from these "things".

Another victim is Quarterdeck. People used windows will remember.

It is like some mad cult just created to find excellent companies, products and buy them making them worst known products ever.

Thanks for publicly warning their users though.

Registered User

Joined Nov 2004

User is offline

testudo

Not a surprise

04/20, 11:39am, EDT

Norton AV is one of the biggest over-bloated, resource hogging, system destablizing piece of software out there. You could barely go a 10.x.x release of OS X without hearing "stay away if you have NAV, as it will cause kernel panics and impregnate your daughter!"

Why people put up with symantec is beyond me. They've abandoned the Mac platform completely, except for the one program they can get yearly payments from people for.

Fresh-Faced Recruit

Joined Aug 2001

User is offline

Your Comments

Not a member of the MacNN forums? Register now for free.

Default Comment View
External Page Links
Comment Threading View