Symantec Snake Oil Goes Rancid

Researches with Googles Project Zero security team announced on Wednesday a major vulnerability affecting nearly all Symnatec snake-oil antivirus products. The kernel vulnerability requires no user action, which would allow attackers to corrupt system memory without requiring users to even open an email used to trigger the flaw.

These vulnerabilities are as bad as it gets. They don’t require any user interaction, they affect the default configuration, and the software runs at the highest privilege levels possible. In certain cases on Windows, vulnerable code is even loaded into the kernel, resulting in remote kernel memory corruption.

Symnatec indicated they were not aware of anyone actually exploiting the bug as of yet, and responded by making a new panacea that supposedly fixes the problem.

4 thoughts on “Symantec Snake Oil Goes Rancid

  1. > Symnatec indicated they were not aware of anyone actually exploiting the bug as of yet

    They keep blathering this shit as if a) anyone gives a used condom for what the bugmongers think on any topic and b) it could conceivably matter what one party "is aware of" even if that party hadn't already fucked goats in public. Fucking incredible already.

Leave a Reply to Mircea Popescu Cancel reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>