Symantec antivirus security flaw exposes Linux, Mac and Windows
A victim doesn't even need to open the email for this exploit to work.
Security holes in antivirus software are nothing new, but holes that exist across multiple platforms? That's rare... but it just happened. Google's Tavis Ormandy has discovered a vulnerability in Symantec's antivirus engine (used in both Symantec- and Norton-branded suites) that compromises Linux, Mac and Windows computers. An executable squeezed with an early version of a compression tool is enough: when the engine unpacks it for scanning, it triggers a memory buffer overflow that gives the attacker root-level control over the system.
The kickers are that the exploit is both easy to launch and, in most cases, particularly vicious. Because Symantec's engine intercepts system input and output, you only need to email a file -- the victim doesn't even need to read the email, since the AV scan itself is the trigger -- or send a web link to wreck someone's day. And on Windows, the attack compromises the kernel -- you know, the very deepest level of the operating system.
The good news? Symantec is taking care of this relatively quickly. Its antivirus suites that update through LiveUpdate should already have the patch in place. The biggest concern is the software that requires a more conventional patching process. There aren't any known exploits in the wild, but it's reasonable to presume that Symantec wants everything up to date before would-be attackers develop an intrusion technique.
Shit is so bad someone can crash/infect you by just sending you an email. You don't even need to open it dawg. pic.twitter.com/CJbtNxNG2S
— SecuriTay (@SwiftOnSecurity) May 17, 2016
Kernel memory corruption in Symantec/Norton antivirus, CVE-2016-2208 (more patches soon). https://t.co/Sqhm0a48Fp pic.twitter.com/F22xDIelSU
— Tavis Ormandy (@taviso) May 17, 2016