Security Bigwigs Patch Their Programs

Symantec, McAfee, and Computer Associates have all fixed serious flaws in their software with recent patches and updates.

Symantec, McAfee, and Computer Associates have all recently announced fixes for vulnerabilities in their products.

McAfee's advisory describes problems, which were actually patched silently in March, in a variety of products including VirusScan and the company's Internet Security Suite . Flawed ActiveX controls could be exploited by malicious Web sites to run arbitrary code.

Symantec's issues with an ActiveX control in Norton Internet Security 2006 could also lead to arbitrary code execution. They have also been fixed through updates that are available through LiveUpdate.

CA's problems , in its CA Anti-Virus for the Enterprise, CA Threat Manager, and CA Anti-Spyware, are more difficult to exploit. They require local access, meaning the attacker has to get a program on the user's system and run it first. They could lead to elevated privileges. They have also been fixed by updates through normal channels.

Copyright 2007 by Ziff Davis Media, Distributed by United Press International