Mac Developer: High-severity bugs in 25 Symantec/Norton products imperil millions | Ars Technica
High-severity bugs in 25 Symantec/Norton products imperil millions | Ars Technica: ""These vulnerabilities are as bad as it gets," Tavis Ormandy, a researcher with Google's Project Zero, wrote in a blog post. "They don’t require any user interaction, they affect the default configuration, and the software runs at the highest privilege levels possible. In certain cases on Windows, vulnerable code is even loaded into the kernel, resulting in remote kernel memory corruption.""
Further proof that security is hard and you shouldn't hand over root level access to any app that's going to be "always on".
Labels: security flaw