Information Security News mailing list archives

Sophos AV Teardown Reveals Critical Vulnerabilities


From: InfoSec News <alerts () infosecnews org>
Date: Thu, 8 Nov 2012 03:08:53 -0600 (CST)

http://www.informationweek.com/security/vulnerabilities/sophos-av-teardown-reveals-critical-vuln/240062599

By Mathew J. Schwartz
InformationWeek
November 07, 2012

Sophos has patched seven vulnerabilities in its antivirus software, including bugs that could be used by an attacker to take control of a Windows, Mac, or Linux system.

By exploiting the vulnerabilities, an attacker may be able to gain control of the system, escalate privileges, or cause a denial-of-service condition, according to a related security bulletin released by the U.S. Computer Emergency Readiness Team (US-CERT).

The vulnerabilities were identified by Tavis Ormandy, a security researcher at Google, after he reverse-engineered the Sophos antivirus application in his spare time. "By design, antivirus products introduce a vast attack surface to a hostile environment. The vendors of these products have a responsibility to uphold the highest secure development standards possible to minimize the potential for harm caused by their software," said Ormandy in a related research paper, "Sophail: Applied attacks against Sophos Antivirus."

Ormandy said the paper focuses on "the process a sophisticated attacker would take when targeting Sophos users," noting that it applies to all platforms that Sophos supports, including Windows, Mac, Linux and their SAVI SDK product. SAVI SDK refers to the software development toolkit that Sophos OEM partners can use to integrate its antivirus application into other security software.

[...]

