Google Project Zero researcher Tavis Ormandy has once again found significant vulnerabilities in Symantec’s security products. He found a host of issues, including vulnerabilities that could be triggered by sending an email to someone or a link to an exploit. A file containing an exploit would not even have to be opened by the victim, meaning the attack essentially has worm-like capabilities. The company says it isn’t aware of active attacks, but administrators should get patching. The vulnerabilities are as bad as it gets, he writes.”]
Source: https://www.govinfosecurity.com/second-symantec-anti-virus-bugfest-found-a-9232