Symantec Endpoint Protection: Difference between revisions

Vulnerabilities: Updated Youtube URL.
Tags: Mobile edit Mobile web edit
Line 36:
 
==Vulnerabilities==
In early 2012, [[source code]] for Symantec Endpoint Protection was stolen and published online.<ref name="Vijayan 2012">{{cite web | last=Vijayan | first=Jaikumar | title=Symantec confirms source code leak in two enterprise security products | website=Computerworld | date=6 January 2012 | url=http://www.computerworld.com/article/2501007/cybercrime-hacking/symantec-confirms-source-code-leak-in-two-enterprise-security-products.html | accessdate=18 April 2017}}</ref> A hacker group called "The Lords of Dharmaraja" claimed credit, alleging the source code was stolen from Indian [[military intelligence]].<ref name="Akhtar 2012">{{Cite web |url=https://www.cnet.com/news/that-stolen-symantec-source-code-its-for-older-enterprise-products/ |title=That stolen Symantec source code? It's for older enterprise products |last=Akhtar |first=Iyaz |date=6 January 2012 |website=[[CNET]] |publisher=[[CBS Interactive]] |access-date=18 April 2017}}</ref> The Indian government requires vendors to submit the source code of any computer program being sold to the government, to ensure that they are not being used for [[espionage]].<ref name="Vijayan 2012"/> In July 2012, an update to Endpoint Protection caused compatibility issues, triggering a [[Blue Screen of Death]] on [[Windows XP]] machines running certain third-party [[file system]] [[Device driver|drivers]].<ref>{{Cite web |url=https://www.scmagazineuk.com/news/symantec-fixes-blue-screen-of-death-bug/article/546098/ |title=Symantec fixes 'blue screen of death' bug |last=Raywood |first=Dan |date=16 July 2012 |website=SC Magazine UK |publisher=[[Haymarket Media Group]] |access-date=16 April 2017}}</ref> In 2014, Offensive Security discovered an exploit in Symantec Endpoint Protection during a [[penetration test]] of a financial services organization.<ref name="Kirk 2014" /> The exploit in the Application and Device control driver allowed a logged-in user to get system access.<ref name="Kirk 2014">{{Cite web 
|url=http://www.networkworld.com/article/2461981/security/symantec-patches-privilege-escalation-flaws-in-endpoint-protection.html |title=Symantec patches privilege escalation flaws in Endpoint Protection |last=Kirk |first=Jeremy |date=5 August 2014 |website=[[Network World]] |publisher=[[IDG]]}}</ref> It was patched that August.<ref name="Kirk 2014" /> In 2019, Ofir Moskovitch, a Security Researcher discovered a Race Condition bug which involves 2 Critical Symantec Endpoint Protection Client Core Components: TamperClient ProtectionManagement & Proactive Threat Protection and directly results in Protection Mechanism Failure andthat can lead to a Self-Defense Bypass, aka "SEMZTPTN" - Symantec Endpoint Minimized Timed Protection.<ref>{{Cite web|url=https://www.youtube.com/playlist?list=PLOzYF8qeSHOmCjixOMav3cT2-xG76gtKQ|title=Symantec Endpoint Protection Vulnerability|last=|first=|date=|website=YouTube|url-status=live|archive-url=|archive-date=|access-date=}}</ref>
 
==Reception==
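
Review bot: The 2019 sentence closing the Vulnerabilities paragraph is supported only by a YouTube playlist citation whose last, first, date, archive-url, archive-date and access-date fields are all empty. A race-condition claim against named client components, leading to a self-defense bypass, needs a vendor advisory or an independent secondary source, and the empty parameters should be filled in or dropped. The edit summary describes only a URL update, but the same sentence shows run-together wording at "TamperClient ProtectionManagement" and "andthat", so the component names and the conjunction should be checked against the intended revision before this is accepted. The phrase "a Security Researcher discovered a Race Condition bug which involves 2 Critical" also capitalizes common nouns and lacks the comma after "Researcher"; sentence case would match the rest of the paragraph.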