(Associated Press via NewsEdge) Consumer versions of McAfee's leading software for securing PCs are susceptible to a flaw that can expose passwords and other sensitive information stored on personal computers, researchers have said.
The vulnerability affects many of McAfee's most popular consumer products, including its Internet Security Suite, SpamKiller, Privacy Service and Virus Scan Plus titles, Marc Maiffret, chief hacking officer at eEye Digital Security, a competing maker of security products, said Monday.
McAfee spokeswoman Siobhan MacDermott confirmed the vulnerability and said software engineers were testing a fix. She said officials expected to release the patch Wednesday using a feature that automatically updates McAfee products over the Internet. The flaw does not affect 2007 versions of McAfee products, she said.
Maiffret said he has found a way to connect to PCs running the flawed McAfee products over the Internet and make them run code of his choosing.
The flaw, if exploited, would make it possible for a criminal to track bank account numbers, and access, modify and delete sensitive files and do other damage on machines running the McAfee products, he said.
The reported flaw came on the same day that McAfee posted an item on its Web site taking a swipe at Microsoft, whose products increasingly compete with the offerings of McAfee, Symantec and other security companies.
c 2006 The Associated Press
c 2006 Dialog, a Thomson business. All rights reserved