Menu
Live update from antivirus program harbors security hole

Live update from antivirus program harbors security hole

As a hacker group called 'Phenoelit' reports, the so-called live update function of Symantec's system tools and virus scanners in versions 1.4 to 1.6 can possibly be used to smuggle arbitrary code unnoticed onto a computer that supports the live update function uses.

By imitating the structure of the live update server from Symantec, it is possible to fool the function into such a way that, for example, malicious programs are downloaded instead of the renewed virus signatures. A bug fix from Symantec is still pending, but it should certainly not be long in coming.