McAfee admits flaws in SaaS for Total Protection

The Intel-owned security firm admits to holes in its SaaS anti-malware product, with plans to patch this week.

McAfee

McAfee has confirmed SaaS for Total Protection contains two vulnerabilities which could let hackers use machines as open relays for spam.

The security company owned by Intel admitted the flaws in its hosted anti-malware solution in a blog post, trying to reassure customers the holes were limited to this single product.

The first flaw could allow attackers to "misuse" ActiveX controls in order to execute malicious code. However, the second would enable cyber criminals to use an infected machine as an open relay to distribute spam to other users.

Whilst the first was similar to an issue patched in August last year, meaning the risk for customer data was low, the second hole has been abused by spammers.

"The second issue has been used to allow spammers to bounce off of affected machines, resulting in an increase of outgoing email from them," wrote David Marcus, director of security research for McAfee.

"Although this issue can allow the relaying of spam, it does not give access to the data on an affected machine."

McAfee hopes to release a patch to fix both issues this week as soon as it has finished the necessary testing.

"Because this is a managed product, all affected customers will automatically receive the patch when it is released," added Marcus.

The company claimed there was no evidence of loss or compromise of any customer data due to the two flaws.

Featured Resources

2021 Thales access management index: Global edition

The challenges of trusted access in a cloud-first world

Free download

Transforming higher education for the digital era

The future is yours

Free download

Building a cloud-native, hybrid-multi cloud infrastructure

Get ready for hybrid-multi cloud databases, AI, and machine learning workloads

Free download

The next biggest shopping destination is the cloud

Know why retail businesses must move to the cloud

Free Download

Recommended

Identity Automation launches credential breach monitoring service
phishing

Identity Automation launches credential breach monitoring service

5 Oct 2021
Neiman Marcus data breach hits 4.6 million customers
data breaches

Neiman Marcus data breach hits 4.6 million customers

4 Oct 2021
Malware developers create malformed code signatures to avoid detection
malware

Malware developers create malformed code signatures to avoid detection

24 Sep 2021
McAfee Total Protection review: Quick, effective and affordable
antivirus

McAfee Total Protection review: Quick, effective and affordable

23 Aug 2021

Most Popular

Best Linux distros 2021
operating systems

Best Linux distros 2021

11 Oct 2021
Apple MacBook Pro 15in vs Dell XPS 15: Clash of the titans
Laptops

Apple MacBook Pro 15in vs Dell XPS 15: Clash of the titans

11 Oct 2021
Veritas Backup Exec 21.3 review: Covers every angle
backup software

Veritas Backup Exec 21.3 review: Covers every angle

14 Oct 2021