In what some sites have termed "as bad as it gets", while others are blasting Symantec for not fixing basic flaws in its AV engine,
Google's Project Zero security team has revealed multiple vulnerabilities in Symantec's AV products since mid-May, not all of which are apparently fixed to date.
Some vulnerabilities were deemed so serious that receiving an "unopened" email was enough to exploit a serious flaw. Others were described as allowing hackers to take control of an infected machine.
Quite possibly, AV software may become the attack vector of choice for hackers, as it typically operates with elevated permissions. Where AV software vulnerabilities are not patched in a timely manner, that potentially allows direct access to exploit system code.
One thing is certain: if you're running Symantec or any security software, you need to keep it patched with routine updates. And if you're running outdated AV with an expired license? Good luck.
Though Symantec's flaws appear more numerous, Project Zero has exposed serious vulnerabilities in other highly rated security software, including products from FireEye, Kaspersky Lab, McAfee, Sophos, and Trend Micro. One top-rated AV package has apparently managed to remain off the list, though: Bitdefender, which has a free version mentioned several times in other posts. You can find the Project Zero Issues list here.