eEye says I spy a flaw in McAfee

Stan Beer
Wednesday, 02 August 2006 17:23

Business IT - Security

eEye Digital Security, the security company which specialises in finding flaws in the products of other security companies, has been at it again. This time the object of attention is SecurityCenter, the flagship consumer product of anti-virus behemoth McAfee, which was under eEye's microscope only last month.

The flaw found in SecurityCenter up to version 6.0, which includes component products such as VirusScan, Personal Firewall Plus and Spamkiller, could enable hackers to gain control of computers that visit rogue websites.

McAfee has acknowledged the threat and has said that it will send out a security patch to users by today at the latest but claims that it has not received any notifications of a hacking occurrence from its user base.

eEye, which rates the latest McAfee vulnerability as critical, has recently found flaws in both McAfee and Symantec products.

In July, eEye revealed a flaw in McAfee ePolicy Orchestrator which is used to manage security software on millions of PCs at the firm's corporate and government client sites, including the US Department of Defence. In May, Symantec was embarrassed when eEye revealed a serious vulnerability in enterprise security products Symantec Client Security and Symantec AntiVirus Corporate Edition.