by Dan Goodin - Nov 6, 2012 - arstechnica
Advisory comes after security app is patched to fix dangerous defects.
Antivirus provider Sophos has fixed a variety of dangerous defects in its products that were discovered by a security researcher who is recommending many customers reconsider their decision to rely on the company.
"Sophos claim that their products are deployed throughout healthcare, government, finance, and even the military," Tavis Ormandy wrote in an e-mail posted to a public security forum. "The chaos a motivated attacker could cause to these systems is a realistic global threat. For this reason, Sophos products should only ever be considered for low-value non-critical systems and never deployed on networks or environments where a complete compromise by adversaries would be inconvenient."
A more detailed report that accompanied Ormandy's e-mail outlined a series of vulnerabilities that attackers can exploit remotely to gain complete control over computers running unpatched versions of the Sophos software. At least one of them requires no interaction on the part of a victim, opening the possibility of self-replicating attacks, as compromised machines in turn exploit other machines
, he said. The researcher provided what he said was a working exploit against Sophos version 8.0.6 running Apple's OS X. Attackers could "easily" rewrite the code to work against unpatched Sophos products that run on the Windows or Linux operating systems, he said.http://bit.ly/VRlGJI