Today we’re publishing details of multiple critical vulnerabilities that we discovered, including many wormable remote code execution flaws.
These vulnerabilities are as bad as it gets. They don’t require any user interaction, they affect the default configuration, and the software runs at the highest privilege levels possible. In certain cases on Windows, vulnerable code is even loaded into the kernel, resulting in remote kernel memory corruption.
This is unfathomable. Endpoint security products are supposed to prevent, not facilitate, compromises. Symantec products are seemingly just as vulnerable to attack as the Windows operating system itself.
Symantec, which recently acquired Blue Coat for $4bn, needs to step up its game if it intends to be taken seriously. Their security business is already in shambles, and not their bread-and-butter was severely dissected by Google and found to be highly dangerous.