Network Security, Security Strategy, Plan, Budget

Symantec patches certificate spoofing flaw in Install Norton product

Symantec patched a certificate spoofing vulnerability in its Install Norton Security product that occurs when downloading Norton for Mac

The exploit was caused by the CVE-2017-15528 vulnerability which had a Low Severity Rating but could allow an attacker to spoof a target site or carry out man-in-the-middle attacks, according to a Nov. 21 security advisory.

“The Install Norton Security (INS) product can be susceptible to a certificate spoofing vulnerability, which is a type of attack whereby a maliciously procured certificate binds the public key of an attacker to the domain name of the target,” the advisory said.

Those who are affected are urged to update to version 7.6 by uninstalling the previous version and then installing the latest version. Researchers are currently unaware of any exploits in the wild. Earlier this week Symantec updated its Management console product to patch a vulnerability that can leave users susceptible to a directory traversal exploit.


Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.