Multiple vulnerabilities discovered in ZoneAlarm's products

Apr 23, 2007 12:47 GMT

ZoneAlarm is one of the best-known security companies in the world, having developed applications that are installed on millions of computers. The most popular is surely ZoneAlarm Firewall, a security program that monitors incoming and outgoing traffic as well as the programs that request Internet access. Being powerful and popular, however, does not mean a product is free of flaws. According to security advisories released today, the company's products contain a security flaw that can allow an attacker to obtain elevated privileges on an affected system.

"Some vulnerabilities have been reported in ZoneAlarm products, which can be exploited by malicious, local users to gain escalated privileges. Insufficient address space verification within the 0x22208F and 0x2220CF IOCTL handlers of SRESCAN.SYS and insecure permissions on the .SreScan DOS device interface can be exploited to e.g. access the said IOCTL handlers and overwrite arbitrary memory and execute code with kernel privileges," Secunia said in the advisory.

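As an added illustration (not part of the article or of Secunia's advisory), the C code below decodes the two IOCTL codes named in the advisory using the standard Windows CTL_CODE bit layout, and models in user mode the kind of address-range check a driver has to make before touching a caller-supplied pointer. The function names and the 32-bit user-space limit 0x7FFF0000 are assumptions made for this example.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Fields packed into a Windows I/O control code by the CTL_CODE macro. */
typedef struct {
    uint32_t device_type; /* bits 31..16 (0x22 = FILE_DEVICE_UNKNOWN) */
    uint32_t access;      /* bits 15..14 (0 = FILE_ANY_ACCESS) */
    uint32_t function;    /* bits 13..2 */
    uint32_t method;      /* bits 1..0 (3 = METHOD_NEITHER) */
} ioctl_fields;

ioctl_fields decode_ioctl(uint32_t code) {
    ioctl_fields f;
    f.device_type = code >> 16;
    f.access = (code >> 14) & 0x3;
    f.function = (code >> 2) & 0xFFF;
    f.method = code & 0x3;
    return f;
}

/* With METHOD_NEITHER the I/O manager passes the caller's raw pointers
 * through unchecked, so every check is the handler's own job. */
bool handler_must_validate_pointers(uint32_t code) {
    return decode_ioctl(code).method == 3;
}

/* Assumed limit: end of user space on 32-bit x86 without the /3GB switch. */
#define USER_PROBE_LIMIT 0x7FFF0000u

/* User-mode model of a range probe: the whole buffer [addr, addr+len)
 * must lie below the limit and must not wrap around the address space. */
bool user_range_ok(uint32_t addr, uint32_t len) {
    if (len == 0) return true;     /* nothing will be touched */
    uint32_t end = addr + len;     /* unsigned, so it may wrap */
    if (end < addr) return false;  /* wrap-around */
    return end <= USER_PROBE_LIMIT;
}

int main(void) {
    const uint32_t codes[] = { 0x22208F, 0x2220CF }; /* from the advisory */
    for (int i = 0; i < 2; i++) {
        ioctl_fields f = decode_ioctl(codes[i]);
        printf("0x%06X dev=0x%X access=%u func=0x%X method=%u validate=%d\n",
               (unsigned)codes[i], (unsigned)f.device_type, (unsigned)f.access,
               (unsigned)f.function, (unsigned)f.method,
               handler_must_validate_pointers(codes[i]));
    }
    /* Constructed sample pointers: user address, kernel address, wrap. */
    printf("%d %d %d\n", user_range_ok(0x00401000u, 0x100u),
           user_range_ok(0x80001000u, 4u), user_range_ok(0xFFFFFFF0u, 0x20u));
    return 0;
}
```

Both codes decode to METHOD_NEITHER with FILE_ANY_ACCESS, which is why the pointer checks inside the handlers and the permissions on the device object are the only barriers between a local user and kernel memory.
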
Secunia rated the flaw as less critical and stated that the affected version of the application is 5.0.63.0, though other editions might also be vulnerable. The parent company has already patched the flaw and released an update that upgrades ZoneAlarm to version 5.0.156.0. However, the vulnerability discovered in one of the best-known security tools on the market shows that our computers are continuously under attack and that the data stored on them might be accessed by unauthorized users.

Security applications have periodically been in the spotlight in the past as the subject of several advisories. Antivirus solutions were often targeted by malicious users trying to compromise a computer through one of the most powerful applications installed on it. Kaspersky, Norton Antivirus and McAfee were all affected by exploited security flaws, but it seems hackers are now aiming to use vulnerabilities discovered in another type of application: firewalls.