Symantec accepts that the hacker group Anonymous stole source code from the 2006 versions of many Norton security products and the pcAnywhere remote access tool.
Although Symantec alleges the thievery really occurred in 2006, the issue didn’t come to hand until this month once hackers affiliated with Anonymous enounced they owned the source code and would release it publically. Users of the Norton products at issue are not at any amplified danger by attack because of the age of the source code and security measures and improvements have been made in the years since the breach, but the seller admitted on Tuesday night that “clients of Symantec’s pcAnywhere have expanded risk as a effect of this incident.”
Symantec pushed a patch fixing three vulnerabilities in pcAnywhere version 12.5 (the current version) on Monday, and alleged it will carry on coming out with patches “until a new version of pcAnywhere that addresses all currently known vulnerabilities is released.”
Symantec guided customers to a white paper that advocates disabling pcAnywhere, unless it’s required for business-critical use, because malevolent users with access to the source code could discover vulnerabilities and establish fresh exploits. “At this time, Symantec advocates disabling the product until Symantec releases a concluding set of package updates that dissolve presently acknowledged vulnerability risks,” the company said. “For customers that require pcAnywhere for business critical purposes, it is recommended that customers understand the current risks, assure pcAnywhere 12.5 is installed, implement all crucial patches as they’re released, and abide by the general security best practices discussed herein.”
As for Norton, Symantec alleged the source code stolen was from the 2006 versions of Norton Antivirus Corporate Edition, Norton Internet Security, and Norton SystemWorks. Before this month, Symantec articulated no products were at jeopardy, but altered its message regarding pcAnywhere after further investigating.