McAfee, the anti-virus software maker, admits that two security holes in its SaaS for Total Protection product could grant spammers access to users’ computers. The first glitch potentially allows attackers to execute code through an ActiveX command, though an earlier patch for a separate issue renders the exploit unworkable. A second glitch in the company’s “rumor” technology allows hackers to turn the computer in question into an “open relay” through which spam could be sent, though they wouldn’t have access to the user’s data. At least one user has fallen prey to the attack so far. In a post on the company’s website, Director of Security Research David Marcus explains the issue, and says that the flaw should be automatically patched by January 19th. While it looks like McAfee has responded to the problem quickly and openly, it’s a pretty serious PR gaffe for a security company.
McAfee bug could turn company’s anti-malware service into spambot
A hole in one of McAfee’s security products has allowed hackers to exploit at least one user’s machine as a spam servers. The issue should be patched by January 19th.
A hole in one of McAfee’s security products has allowed hackers to exploit at least one user’s machine as a spam servers. The issue should be patched by January 19th.
Update: McAfee has let us know that the patch is rolling out now to Total Protection customers, and will “immediately eliminate any security risk.”
Follow topics and authors from this story to see more like this in your personalized homepage feed and to receive email updates.
