14 DAY TRIAL // Symantec has warned of a new vulnerability discovered in its On-Demand Agent that, in the eventuality of an exploit, would permit a local attacker to decrypt files on the target machine. The security company has already addressed the situation and provided fixes for the vulnerability prior to its disclosure.
"Symantec On-Demand Agent (SODA) provides a Virtual Desktop environment to secure Web-based applications and services. Files created while in the virtual desktop are encrypted as they are saved to a hard drive or removable media, if that option is enabled in the policy configuration. Symantec is aware of a method which could potentially be used to defeat the encryption on these files," reads a message from the company.
Although it has characterized the threat as medium level, Symantec has also stated that, in actuality, accessing the files encrypted through the Symantec On-Demand Virtual Desktop via a successful exploit will be the true measure of the impact, as this parameter is in concordance with the sensitive protected data. Symantec has also disclosed that neither Macintosh nor Linux operating systems have proven vulnerable to the exploit, the flaw being limited to Windows users.
"Symantec is not aware of any customers impacted by this issue, or of any attempts to exploit the issue. As a part of normal best practices, users should keep vendor-supplied patches for all application software and operating systems up-to-date. Symantec strongly recommends any affected customers update their product immediately to protect against these types of threats," advised Symantec.