Google Project Zero Claims Symantec And Norton Software Security Exploits Are “As Bad As They Get’

Security researchers on Google's Project Zero team have discovered critical security flaws in several of Symantec's software security products, including its popular Norton line for consumers and Endpoint Protection for enterprises. No small thing, among the vulnerabilities are several wormable remote code execution flaws.

"These vulnerabilities are as bad as it gets. They don't require any user interaction, they affect the default configuration, and the software runs at the highest privilege levels possible. In certain cases on Windows, vulnerable code is even loaded into the kernel, resulting in remote kernel memory corruption," the Project Zero team said.


Since Symantec uses the same core engine across its entire product line, all Symantec and Norton branded antivirus products are affected, including Norton Security, Norton 360, Symantec Endpoint Projection, Symantec Email Security, and so forth. Furthermore, not all of the affected products can be automatically updated.

"Administrators must take immediate action to protect their networks," Project Zero said.

It's surprising to find multiple critical vulnerabilities in products that are designed to protect users from security threats. In some cases, apparent laziness is to blame. The Project Zero team says Symantec flat out "dropped the ball" when it comes to vulnerability management, noting that it did a poor job monitoring for new releases of third party software used in its products.

"A quick look at the decomposer library shipped by Symantec showed that they were using code derived from open source libraries like libmspack and unrarsrc, but hadn't updated them in in at least 7 years," Project Zero said. "Dozens of public vulnerabilities in these libraries affected Symantec, some with public exploits."

The good news is Symantec was responsive to Project Zero's findings and published several advisories for customers, which you can find here.