Symantec security software had 'critical' flaws

  • Published
Symantec Logo - a yellow circle with a tick in itImage source, Reuters

Computer security company Symantec has patched eight security holes discovered in its own security software.

Researchers at Google's Project Zero informed Symantec of "multiple critical vulnerabilities", which they said were "as bad as it gets".

The vulnerabilities were present in Symantec and Norton-branded security software such as Norton Antivirus.

Symantec said: "Fixes are currently in place, and updates are now available for customers to install."

The vulnerabilities were fixed before Project Zero - which aims to discover security holes in software before they can be exploited by criminals - made the details public.

Researcher Tavis Ormandy said in a blogpost, external: "They don't require any user interaction, they affect the default configuration, and the software runs at the highest privilege levels possible."

"Symantec dropped the ball here."

Symantec said in a blogpost , externalthat it had not seen any evidence that anybody had tried to exploit the security flaws.

"Staying ahead of the threats from attackers requires vigilance and industry-wide information sharing," wrote Adam Bromwich, vice-president of security technology and response at Symantec.

"We remain committed to ensuring our products address today's most sophisticated threats, and we thank the security community for their assistance."

Related internet links

The BBC is not responsible for the content of external sites.