Millions of pcAnywhere users still Vulnerable to hijacking
5 weeks before we reported that Symantec releases patch to address pcAnywhere
source code exposure, because attackers had obtained the remote access
software's source code. But According to H.D. Moore, chief security
officer at Rapid7, estimated 150,000 to 200,000 PCs are running an
as-yet-unpatched copy of the Symantec software.
While Symantec said it had patched all the known vulnerabilities in pcAnywhere. Symantec has released
new information and a patch to address the recent code exposure
incident. According to Computerworld report, PCs connected to the
Internet, including as many as 5,000 running point-of-sale programs that
collect consumer credit card data, could be hijacked by hackers
exploiting bugs in the troubled program.
Symantec released a patch that
eliminates known vulnerabilities affecting pcAnywhere 12.0 and
pcAnywhere 12.1.At this time, Symantec recommends that all customers
upgrade to pcAnywhere 12.5, apply all relevant patches as they are
released, and follow general security best practices.
Moore said, even though Symantec
has patched some flaws. With the source code at their disposal and the
software's problems highlighted in the media, researchers on both sides
of the law will spend time looking for vulnerabilities.