Internet security experts warn that users of Symantec's latest anti-virus suite are vulnerable to attack by hackers who could gain complete control of their target machine.
Because the report on the flaw is so new and Symantec has not had time to develop a patch for it, eEye Digital Security, the firm that discovered the flaw, has posted an advisory but is releasing few details about it.
According to eEye Digital Security's website, it's known that Symantec Antivirus 10.x and Symantec Client Security 3.x and possibly more are affected but consumer products do not have the flaw.
In a statement to Pocket-lint, a spokesperson for eEye said that as its products are designed to integrate with third-party applications, they routinely look for flaws in other systems to improve their own solutions. "For this particular discovery, our researchers found the hole during a routine evaluation of Symantec's AntiVirus Corporate Edition software. Within a week, we completed our testing process and notified Symantec of the vulnerability."
EEye estimates that Symantec will take one to two months to issue a patch. "They have a history of being responsive to fixing problems as quickly as possible."
Symantec has confirmed to Pocket-lint that the vulnerability does not affect its Norton brand of products.
The bug leaves computers open to worms, which self-execute from computer to computer. A hacker could attack a target computer without the user being aware anything is going on before it's too late.
However, the company said, "To date, Symantec has not had any reports of any related exploits of this suspected vulnerability."
Over the last 18 months, several code execution holes have been found in various anti-virus software, making them future targets for hackers aware that anti-virus programs are not foolproof.