"Consumer versions of McAfee's leading software for securing PCs are susceptible to a flaw that can expose passwords and other sensitive information stored on personal computers, the company says.
A McAfee spokeswoman, Siobhan MacDermott, confirmed the vulnerability Monday and said that software engineers were testing a fix. She said officials expected to release the patch Wednesday using a feature that automatically updates McAfee products over the Internet. The flaw does not affect 2007 versions of McAfee products, which were released Saturday, she said.
Marc Maiffret, chief hacking officer at eEye Digital Security, a competing maker of security products, said the vulnerability affected many of McAfee's most popular consumer products, including Internet Security Suite, SpamKiller, Privacy Service and Virus Scan Plus.
Maiffret said he had found a way to connect to PCs running the flawed McAfee products over the Internet and take them over. The flaw makes it possible for a criminal to track bank account numbers, modify or delete sensitive files and do other damage on machines running the McAfee products, he said.
The flaw was reported the same day that McAfee posted an item on its Web site taking a swipe at Microsoft, warning of flaws in Microsoft's Windows operating system designed to automate certain administrative tasks.
"Microsoft products have always been an attractive target for hackers and malware authors," a posting on the McAfee Web log read.
Maiffret's company, which in the past has discovered flaws in products sold by Apple Computer, Microsoft, Symantec and McAfee, said he was withholding technical details of the new vulnerability to prevent criminals from learning how to exploit it.
The flaw comes two weeks after eEye disclosed a hole in a McAfee program for protecting business computers. In that case, McAfee said it had fixed the defect three months earlier but did not warn customers about it until eEye made it public."
http://www.iht.com/articles/2006/08/01/business/virus.php
Good thing I uninstalled McAfee few years/months ago. Comments and thoughts?
A McAfee spokeswoman, Siobhan MacDermott, confirmed the vulnerability Monday and said that software engineers were testing a fix. She said officials expected to release the patch Wednesday using a feature that automatically updates McAfee products over the Internet. The flaw does not affect 2007 versions of McAfee products, which were released Saturday, she said.
Marc Maiffret, chief hacking officer at eEye Digital Security, a competing maker of security products, said the vulnerability affected many of McAfee's most popular consumer products, including Internet Security Suite, SpamKiller, Privacy Service and Virus Scan Plus.
Maiffret said he had found a way to connect to PCs running the flawed McAfee products over the Internet and take them over. The flaw makes it possible for a criminal to track bank account numbers, modify or delete sensitive files and do other damage on machines running the McAfee products, he said.
The flaw was reported the same day that McAfee posted an item on its Web site taking a swipe at Microsoft, warning of flaws in Microsoft's Windows operating system designed to automate certain administrative tasks.
"Microsoft products have always been an attractive target for hackers and malware authors," a posting on the McAfee Web log read.
Maiffret's company, which in the past has discovered flaws in products sold by Apple Computer, Microsoft, Symantec and McAfee, said he was withholding technical details of the new vulnerability to prevent criminals from learning how to exploit it.
The flaw comes two weeks after eEye disclosed a hole in a McAfee program for protecting business computers. In that case, McAfee said it had fixed the defect three months earlier but did not warn customers about it until eEye made it public."
http://www.iht.com/articles/2006/08/01/business/virus.php
Good thing I uninstalled McAfee few years/months ago. Comments and thoughts?