The H – (International) Sophos fixes critical security vulnerability. A security expert revealed critical security vulnerabilities in Sophos antivirus software. The disclosure includes a published proof-of-concept root exploit for Sophos 8.0.6 for Mac OS X, which exploits a stack buffer overflow that occurs when the software searches through PDF files. The vulnerability is also likely to affect the Linux and Windows versions. The security expert published a full analysis on the SecLists.org security mailing list. A module for the Metasploit penetration testing software is now also available. According to Sophos, the security flaws listed have been fixed since November 5, and the antivirus company is unaware of any of the vulnerabilities being exploited in the wild. The complete list of bugs identified by the security expert will, it said, be fixed by November 28 at the latest. The security expert's paper on security flaws in Sophos software is particularly critical of the product's approach to address space layout randomization (ASLR). The paper also describes how PDF file encryption can be used to trigger a stack buffer overflow, allowing an attacker to use a crafted URL or email to execute malicious code on an affected computer.
Ali Loney is a Senior UX Designer at Walmart Labs. She is based in Canada and was the former Graphic Designer at Sonatype.