A critical flaw in Symantec antivirus engine puts computers at risk of easy hacking
The antivirus engine used in multiple Symantec products has an easy-to-exploit vulnerability that could allow hackers to easily compromise computers.
The flaw was fixed by Symantec in Anti-Virus Engine (AVE) version 2018.104.22.168, released Monday via LiveUpdate. The flaw consists of a buffer overflow condition that could be triggered when parsing executable files with malformed headers.
According to Google security engineer Tavis Ormandy, who found the flaw, the vulnerability can be exploited remotely to execute malicious code on computers. All it takes is for the attacker to send an email with the exploit file as attachment or to convince the user to visit a malicious link.