NEWS Sophos has announced a flaw in its flagship antivirus product but said it is working on fixes.
The Abingdon, England-based company said that Sophos Anti-Virus can potentially be attacked by a buffer overflow, which knocks out a program by flooding it with data. A patch has already been created for Sophos Antivirus 4.5.4 and for most versions of Sophos Antivirus 3.96.0. An update for Sophos Anti-Virus Small Business Edition will be released on Friday, and all other versions will be fixed within two weeks, the antivirus maker said.
According to the company advisory: "Although theoretically a risk, Sophos has not seen any examples of malware attempting to exploit this vulnerability."
The flaw was discovered by Alex Wheeler, the company stated. Earlier in the week, Neel Mehta of Internet Security Systems in Atlanta, said he and Wheeler would hold a session at the Black Hat security conference this week in Las Vegas to outline how antivirus programs could increasingly become targets for hackers because of latent flaws.
In the past year, ISS has discovered bugs in products from security software makers F-Secure, McAfee, Symantec and Trend Micro, he noted. Earlier this week, several flaws discovered by ISS were disclosed and fixed in Clam Antivirus, a popular open source virus scanner.
Michael Kanellos writes for CNET News.com
