Sophos admits antivirus flaw
Published: 29 Jul 2005 09:05 BST
Sophos has announced a flaw in its flagship antivirus product, but said that it is working on fixes.
The Abingdon-based company said that Sophos Anti-Virus can potentially be attacked by a buffer overflow, which knocks out a program by flooding it with data. A patch has already been created for Sophos Antivirus 4.5.4 and for most versions of Sophos Antivirus 3.96.0. An update for Sophos Anti-Virus Small Business Edition will be released on Friday, and all other versions will be fixed within two weeks, the antivirus maker said.
"Although theoretically a risk, Sophos has not seen any examples of malware attempting to exploit this vulnerability," the company said in its advisory.
The flaw was discovered by Alex Wheeler, the company stated. Earlier in the week, Neel Mehta of ISS in Atlanta, said that he and Wheeler would hold a session at the Black Hat security conference this week in Las Vegas to outline how antivirus programs could increasingly become targets for hackers because of latent flaws.
In the past year, ISS has discovered bugs in products from security software makers Symantec, McAfee, Trend Micro and F-Secure, he noted. Earlier this week, several flaws discovered by ISS were disclosed and fixed in Clam Antivirus, a popular open source virus scanner.
Did you find this article useful?
112 out of 187 people found this useful
Digg
Slashdot
Del.ici.ous
Stumble
Reddit
Full Talkback thread
1 comment
