Skip to main content

Tim Bray

See All Stories
Site default logo image

Use Sophos antivirus? Watch out

Tim Bray notes a post on Neohapsis:

A working exploit for Sophos 8.0.6 on Mac is available, however the
techniques used in the exploit easily transfer to Windows and Linux,
due to multiple critical implementation flaws described in the paper.
Testcases for the other flaws described in the paper are available on
request.

Sophos responded with a post on the multiple vulnerabilities, and it responded over and over that “Sophos has seen no evidence of this vulnerability being exploited in the wild.” But, is that really good enough? How about issuing a fix in the two plus months that they’ve known about these issues?  It only takes one wild exploit.

Sophos gave 9to5Mac the following comment:

Some were fixed last month, and for others we started rolling out patches to our users today.  :-)

Users of Sophos products should be automatically updated, but if anyone wants to be sure they can initiate a manual update.
Expand
Expanding
Close

Manage push notifications

notification icon
We would like to show you notifications for the latest news and updates.
notification icon
You are subscribed to notifications
notification icon
We would like to show you notifications for the latest news and updates.
notification icon
You are subscribed to notifications