Symantec has patched a widely reported flaw in the English versions of its corporate antivirus software.The flaw, which affects recent versions of its Client Security and Antivirus Corporate Edition products, is considered serious, and could be exploited by hackers to run unauthorized software on unpatched PCs.It was discovered by rival security vendor eEye Digital Security and first disclosed last Wednesday. Three days later, Symantec patched the problem, according to an alert published Saturday on Symantec’s website.The patches are for English-language versions of Symantec’s products only, and a Symantec spokesman could not say when the complete line of products would be patched. Symantec did not release many details on the flaw, but eEye has warned that it is the kind of vulnerability that could be used to build a self-replicating worm attack, similar to the Blaster and Slammer outbreaks of 2003.That has not happened to date, and Symantec is “not aware of any customers impacted by this vulnerability, or of any exploits of this vulnerability,” the alert said. The problem affects version 3.0 and above of Client Security, and version 10 and above of Antivirus Corporate Edition. Symantec’s Norton line of consumer antivirus products is not affected.A number of other flaws have been reported in Symantec’s security products over the past year. In December, researcher Alex Wheeler discovered a flaw in Symantec’s Antivirus Library that could allow remote attackers to gain control of systems that used Symantec’s products. Research about the flaw can be found online.In October, a critical flaw was found in the company’s Scan Engine software. Information about the flaw can be found online.EEye’s note on the flaw can be found here.-Robert McMillan, IDG News ServiceFor related news coverage, read Flaw Found in Symantec Antivirus. Keep checking in at our CSO Security Feed page for updated news coverage. Related content feature Key findings from the CISA 2022 Top Routinely Exploited Vulnerabilities report CISA’s recommendations for vendors, developers, and end-users promote a more secure software ecosystem. By Chris Hughes Sep 21, 2023 8 mins Zero Trust Threat and Vulnerability Management Security Practices news Insider risks are getting increasingly costly The cost of cybersecurity threats caused by organization insiders rose over the course of 2023, according to a new report from the Ponemon Institute and DTEX Systems. By Jon Gold Sep 20, 2023 3 mins Budget Data and Information Security news US cyber insurance claims spike amid ransomware, funds transfer fraud, BEC attacks Cyber insurance claims frequency increased by 12% in the first half of 2023 while claims severity increased by 42% with an average loss amount of more than $115,000. By Michael Hill Sep 20, 2023 3 mins Insurance Industry Risk Management news Intel Trust Authority attestation services now in general availability Formerly known as Project Amber, Intel’s attestation services support confidential computing deployments. By Michael Nadeau Sep 20, 2023 3 mins Zero Trust Security Hardware Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe