New Vulnerability Discovered in McAfee's Solution

The security of our computers is more and more threatened by numerous vulnerabilities discovered in the application installed on our computers. Every day, new security flaw is reported in the antivirus solutions, firewalls, audio players and even in compression tools. Today, it is McAfee's turn because security company Secunia identified a new vulnerability in McAfee VirusScan for Mac (Virex) that can allow an attacker to obtain administrator privileges on an affected computer.

Although the security firm rated the flaw as less critical, it is an obvious sign that the protection systems of our computers are threatened every day by more and more malicious vulnerabilities. Secunia sustained the flaw was confirmed in version 7.7 but other editions of the program might be affected too. McAfee was informed about the vulnerability and released a security advisory to present all the information about it and also to provide a patch to fix the flaw.

"An issue exists with the default permissions and validation of specific files belonging to McAfee Virex 7.7 that may allow for local authenticated command execution. A successful exploit of this security flaw would allow a local privileged attacker to execute code on the machine running the indicated software. These injected commands would be limited to the privileges of the id in which the Virex 7.7 product is running on the machine. In order to accomplish this exploit, an attacker would have to have authenticated access to the machine. Updating McAfee Virex 7.7 to patch 1 will correct issues with file permissions and validation," McAfee sustained in a security bulletin.

If you think that you might be vulnerable, you can download McAfee Virex 7.7 patch 1 from the McAfee server available on this link. You must remember the patch must be installed only after you close the antivirus solution and you must reboot your computer after the installation is finished.