The H – (International) Sophos fixes critical security vulnerability. A security expert has revealed critical security vulnerabilities in Sophos antivirus software. The disclosure includes a published proof-of-concept for a root exploit against Sophos 8.0.6 for Mac OS X, which uses a stack buffer overflow triggered when the software searches through PDF files. The vulnerability is also likely to affect the Linux and Windows versions. The security expert published a full analysis on the SecLists.org security mailing list. A module for the Metasploit penetration testing software is now also available. According to Sophos, the vulnerabilities listed have been fixed since November 5, and the antivirus company is not aware of any of them having been exploited in the wild. The complete list of bugs identified by the security expert will, it said, be fixed by November 28 at the latest. The security expert's paper on the flaws in Sophos software is particularly critical of the product's approach to address space layout randomization (ASLR). The paper also describes how PDF file encryption can be used to trigger a stack buffer overflow, allowing an attacker to use a crafted URL or email to execute malicious code on an affected computer.
Ali Loney, on November 06, 2012