McAfee on Tuesday confirmed that consumer versions of its leading software for securing PCs is vulnerable to a flaw that could leave users open to hackers.
Security software developer eEye discovered the vulnerability on July 19 and reported it to McAfee. The flaw means attackers could retrieve passwords and other sensitive personal information stored on a user’s computer. An attack could also lead to complete system compromise at which point an attacker could install Trojans, modify or delete files, or perform any other activity as a normal logged-on user would.
The vulnerability affects McAfee’s Internet Security Suite, SpamKiller, Privacy Service and Virus Scan Plus titles, according to eEye. The firm rates the severity as “high.”
McAfee spokesperson Siobhan MacDermott confirmed that the company created a patch on July 25. The patch is now in quality assurance testing, with consumer distribution planned for Wednesday.
McAfee is in the process of informing its customers about the security flaw and is asking users to verify that they have received the latest update by visiting www.macafee.com/us/support/default.asp or calling 888-622-3911.
“In order for someone to accomplish the exploit, an attacker would need to remotely execute arbitrary code, which requires assistance by an authenticated end user in order to be successfully exploited,” MacDermott told TechNewsWorld. “This vulnerability does not affect our Falcon 2007 consumer products.”
Bad Timing for McAfee
The publicity black eye comes at a bad time with McAfee announcing a new line of security products this week. McAfee on Tuesday unveiled an identity theft protection system designed to thwart social engineering attacks including spyware, spam and other malicious programs through with its next generation of security service suites.
Both McAfee Internet Security Suite and McAfee Total Protection intend to offer theft protection to prevent the multiple scams that identity thieves use to target unprotected — or under-protected consumers.
Then again, some subscribe to the theory that there is no such thing as bad publicity. McAfee knew a public announcement of the vulnerability was forthcoming, but stood strong in its new product announcements nonetheless.
“Consumers have grown increasingly concerned about protecting their personally identifiable information as they search, browse and transact online,” said Marc Solomon, Director of Product Management, McAfee Consumer.
“With our new suites, McAfee arms consumers with improved and new technologies protecting them from traditional threats such as viruses, Trojans and spyware, as well as solutions for emerging threats such as rootkits,” he continued.
A Proactive Approach
A recent Harris Interactive survey reported that while 88 percent of computer users have antivirus software on their PCs, 65 percent of them have postponed updating the programs.
To address this issue, all of the McAfee suites are offered via subscription and provide automatic updates and upgrades which download so consumers’ activities are not disrupted.