McAfee Supplies Antidote for Tainted SaaS Security
Security vendor McAfee, which is now owned by Intel (Nasdaq: INTC), is rolling out a patch for three flaws in its Endpoint Protection Software as a Service offering.
All three flaws are in ActiveX controls. One tricks the control into executing commands supplied by an attacker, the second lets attackers write to files on disk and the third lets attackers execute code with user privileges, McAfee said.
The first two flaws were patched back in August, and it's the third that created headlines earlier this week when it was found it let attackers essentially hijack victims' PCs and use them to relay spam. McAfee knows of "four to five" victims, all small and medium-sized businesses, company spokesperson Ian Bain told TechNewsWorld. The vendor "worked with them to stop [the attack] as the patch was being developed," Bain added.