McAfee admits flaws in SaaS for Total Protection
By Tom Brewster,
McAfee has confirmed SaaS for Total Protection contains two vulnerabilities which could let hackers use machines as open relays for spam.
The security company – owned by Intel – admitted the flaws in its hosted anti-malware solution in a blog post, trying to reassure customers the holes were limited to this single product.
The first flaw could allow attackers to “misuse” ActiveX controls in order to execute malicious code. However, the second would enable cyber criminals to use an infected machine as an open relay to distribute spam to other users.
Whilst the first was similar to an issue patched in August last year, meaning the risk for customer data was low, the second hole has been abused by spammers.
“The second issue has been used to allow spammers to bounce off of affected machines, resulting in an increase of outgoing email from them,” wrote David Marcus, director of security research for McAfee.
“Although this issue can allow the relaying of spam, it does not give access to the data on an affected machine.”
McAfee hopes to release a patch to fix both issues this week as soon as it has finished the necessary testing.
“Because this is a managed product, all affected customers will automatically receive the patch when it is released,” added Marcus.
The company claimed there was no evidence of loss or compromise of any customer data due to the two flaws.
You may also like...
Sponsored Links
advertisement
You may also like...
Latest Security Analysis & Insight
What is your password worth?
Would you be tempted to sell off company passwords for a fee? If not, seems like you're in the minority, acccording to research.
- Macs under attack?
- Intel: security inside
- Are you spending too much on IT security?
- Does the government want to snoop on your data?
- Eurocrats versus the cyber criminals
- The truth about spam
- Google and privacy: What’s the problem?
- Q&A: Symantec’s CISO on the source code hack
- RSA: Back from the breach?
Latest Security Reviews
Check Point 2210 Appliance review
Rating: 
advertisement
Most popular
- UK regulator shuts down Angry Birds scam
- Apple iPad 3 vs iPad 2 head-to-head review
- IBM bans use of Siri on iPhones
- Chromebooks: What's gone wrong?
- HP plans massive job cuts
- EMC World 2012: Tucci declares Documentum is here to stay
- Dell EqualLogic PS6100XS review
- Macs and Android under malware threat
- RIM loses its head of sales
- Local fibre broadband needs common standards
Latest News Videos in Security
IT PRO Podcast: Are UK data protection laws flawed?
PlayWe bring in two experts to talk about the problems with UK data protection law and the way it is managed.
Register for IT PRO
You'll get exclusive member benefits including free whitepapers, downloads, Webinars and weekly newsletters full of the latest IT PRO news, reviews, insight and expertise.
