McAfee has two security vulnerabilities in its software discovered. It is a bug that makes it possible to code from a distance, and conduct a vulnerability that exploits a system allows abuse to send spam.
The terms of vulnerabilities in McAfee SaaS for Total Protection, a cloud-based customers must protect against malware. The vulnerabilities are not in the servers of McAfee, but in the client that interacts with the cloud-based. McAfee has announced that it one of these days a patch is coming for the bugs to crush it.
The bugs are quite serious; a allows remote execution of code possible by using an ActiveX object to run. It is therefore possible for data to steal users’, although McAfee says ‘no evidence’. The problem is, according to McAfee similar to a in last summer’s bug fixed. A patch was then released, would the possibility of the now-discovered bug abuse ‘in fact reduce to zero’, claims McAfee. Or that is really so, remains to be seen.
The second vulnerability makes it possible to machines with the software to use as a relay for sending mail. This allows an attacker through the machines, for example, to send spam, something which in practice is done, McAfee. It is not known how large the spamprobleem is and how often it is misused, but the security company claims that this bug no access to private information.