McAfee security programs may expose data
Affects Internet Security Suite, SpamKiller, Privacy Service, Virus Scan Plus
Updated: 2 hours, 51 minutes ago
http://www.msnbc.msn.com/id/14133965/SAN FRANCISCO - Consumer versions of McAfee Inc.'s leading software for securing PCs is susceptible to a flaw that can expose passwords and other sensitive information stored on personal computers, researchers said Monday.
The vulnerability affects many of McAfee's most popular consumer products, including its Internet Security Suite, SpamKiller, Privacy Service and Virus Scan Plus titles, said Marc Maiffret, chief hacking officer at eEye Digital Security Inc., a competing maker of security products.
McAfee spokeswoman Siobhan MacDermott confirmed the vulnerability and said software engineers were testing a fix. She said officials expected to release the patch Wednesday using a feature that automatically updates McAfee products over the Internet. The flaw does not affect 2007 versions of McAfee products, which were released Saturday, she said. Maiffret said he has found a way to connect to PCs running the flawed McAfee products over the Internet and make them run code of his choosing. The flaw, if exploited, would make it possible for a criminal to track bank account numbers, and access, modify and delete sensitive files and do other damage on machines running the McAfee products, he said.
The reported flaw came on the same day that McAfee posted an item on its Web site taking a swipe at Microsoft Corp., whose products increasingly compete with the offerings of McAfee, Symantec Corp. and other security companies. It warned that code had been released that exploited flaws in a feature used to automate certain administrative tasks in Microsoft's Windows operating system.