McAfee fixes flaw in Mac antivirus software

By SearchSecurity.com Staff 28 Feb 2007 | SearchSecurity.com

Security Wire Daily News Digg This!     StumbleUpon     Del.icio.us

More on McAfee McAfee: Malware all about ID theft Microsoft releases Vista APIs to security vendors Former McAfee official settles fraud charges

An issue exists with the default permissions and validation of specific files belonging to McAfee Virex 7.7 that may allow for local authenticated command execution, the Santa Clara, Calif.-based antivirus vendor said in an advisory

"The vulnerability is caused due to /Library/Application Support/Virex/VShieldExclude.txt having insecure permissions and being created insecurely," Danish vulnerability clearinghouse Secunia said in an advisory. "This can be exploited to create arbitrary files with escalated privileges via symlink attacks."

McAfee recommends that users apply the patch, which has been pushed to all its live update servers.

Tags: Application Firewall Security,  VIEW ALL TAGS

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Application Firewall Security Web application firewall use goes beyond compliance, company finds Best Application Security Products Common PCI questions: Web application firewalls or source code review? IT pros find corporate firewall rules tough to navigate PCI compliance requirement 1: Firewalls Comparing an application proxy firewall and a gateway server firewall Citrix virtual desktop, app delivery controller includes security benefits How to choose between source code reviews or Web application firewalls Check Point adds virtual firewall appliance Web application firewall deployments gain traction

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary