Sophos discloses bugs in security software

Security firm Sophos has released details of a security breach in its antivirus products.

A software developer said an independent researcher has discovered a security flaw in Sophos' antivirus, spam and other malicious scripts.

This security error arises in the way Sophos Anti-Virus handles the Microsoft Cabinet compressed files.

Sophos said that by creating a special Cabinet file to exploit this security bug, hackers can execute binary code on systems that have installed versions of Sophos Anti-Virus in error. In addition, exploiting this security error does not need to go through login authentication, making it even more exploitable. However, this security error does not prevent Sophos Anti-Virus from executing its inherent functions.

But Sophos also confirmed that the risk of being attacked through this security error is very low. There has not been any malicious code capable of exploiting attacks through this security error discovered. Sophos has also released a fix for security flaws in a wide range of products.

It is known that this security bug affects many different versions of Sophos Anti-Virus running on Microsoft Windows, Apple Mac OS and Linux operating systems, including Anti-Virus Small Business Edition, PureMessage and MailMonitor versions Gateway Security.

Sophos is not the only security firm that detects vulnerabilities in genuine security antivirus software. Earlier, Symantec also released a security bug in Scan Engine that could be exploited for illegal access and an organization attacking an infected system.

HVD - ( eWeek )