Remotely exploitable vulnerabilities in Sophos antivirus products

Multiple trivially remotely exploitable vulnerabilities in Sophos antivirus products were disclosed this week, after researcher Tavis Ormandy worked with the company to ensure patches were in place prior to the release. Because Ormandy included proof-of-concept exploits in his disclosure notes, malicious activity around them is expected to begin immediately. Users of Sophos products should update their software without delay.

In a scathing writeup that follows on from a more theoretical release last year, well-known security researcher Tavis Ormandy released a series of practical attack techniques against common Sophos antivirus deployments, including integer overflows, cross-site scripting, heap overflows, denials of service, etc. As Ormandy disclosed the vulnerabilities to Sophos in October, patches are available for all but one of the attacks (a denial of service). Customers are urged to update as soon as possible: given the detailed explanations of how to exploit the flaws in Ormandy’s paper, exploits are likely to emerge in the wild essentially immediately.
