US government tells Symantec and Norton Antivirus users to apply security patches immediately

US government tells Symantec and Norton Antivirus users to apply security patches immediately

Google security researcher Tavis Ormandy has uncovered critical vulnerabilities in a range of Symantec and Norton Antivirus products, which could be exploited by malicious hackers to launch attacks.

Here’s the skinny from the United States Computer Emergency Readiness Team (US-CERT):

The large number of products affected (24 products), across multiple platforms (OSX, Windows, and Linux), and the severity of these vulnerabilities (remote code execution at root or SYSTEM privilege) make this a very serious event. A remote, unauthenticated attacker may be able to run arbitrary code at root or SYSTEM privileges by taking advantage of these vulnerabilities. Some of the vulnerabilities require no user interaction and are network-aware, which could result in a wormable-event.

US-CERT encourages users and network administrators to patch Symantec or Norton antivirus products immediately. While there has been no evidence of exploitation, the ease of attack, widespread nature of the products, and severity of the exploit may make this vulnerability a popular target.

Exploitable security holes in security software are a serious problem. Malicious attackers know that you’re likely to be running popular security products, just like you’re likely to have Windows and Adobe Flash installed. That, combined with the fact that your anti-virus product is running at a low-level on your computer with powerful privileges, can make for a noxious cocktail.

Sign up to our free newsletter.
Security news, advice, and tips.

So, patch your anti-virus software. And – if you’re a security vendor – try to iron out any vulnerabilities in your software *before* a malicious hacker or a Google employee uncovers them.

Check out Symantec’s SYM16-008 and SYM16-010 security advisories for more details of the available patches.


Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.

One comment on “US government tells Symantec and Norton Antivirus users to apply security patches immediately”

  1. Harald Mühlhoff

    Just be aware that the update might cause BSOD on some machines … https://community.norton.com/en/forums/norton-causing-bsod

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.