Friday, November 24, 2017
Home / Security / Exploits / Sophos Anti Virus patches critical vulnerability

Sophos Anti Virus patches critical vulnerability

Security expert Tavis Ormandy has revealed critical security vulnerabilities in Sophos anti-virus software. This includes the publishing of a proof of concept (PoC) for a root exploit for Sophos 8.0.6 for Mac OS X, which applies a stack buffer overflow when searching through PDF files. The vulnerability is as well likely to affect Linux and Windows versions.

Ormandy has released a full analysis on the SecLists.org security mailing list newsletter. A module for the Metasploit penetration testing software is now also available.

According to information from Sophos, the security deficits named have been patched since 5 November and the anti-virus company isn’t aware of any of the vulnerabilities having been exploited in the wild.  Sophos also expressly thanks Ormandy for his work and for exercising responsibility when discovering the problems. The complete list of bugs identified by Ormandy will, it says, be fixed by 28 November at the latest.

About FastFlux

Owner of ZeroSecurity, interested in programming, malware analysis and penetration testing. If you would like to write for the ZeroSecurity team, please use the contact form above.

Check Also

Amazon hacked – hacker leaks 80,000 login credentials

A hacker going by the name 0x2Taylor has said to have breached the servers of …