Okay, if you want to believe The Inquirer and Google rather than Symantec who says:
"All Norton products have been updated through LiveUpdateTM. Customers of Symantec Enterprise products should check the chart below to determine which products have been updated automatically and which require product updates."
Dated June 28, 2016.
Here is another article on this:
iTWire - Google finds Symantec-Norton security holesGoogle finds Symantec-Norton security holes
- 08 July 2016
Google’s Project Zero found the flaws and stated, “These vulnerabilities are as bad as it gets. They don’t require any user interaction, they affect the default configuration, and the software runs at the highest privilege levels possible. In certain cases, on Windows, vulnerable code is even loaded into the kernel, resulting in remote kernel memory corruption. As Symantec use the same core engine across their entire product line, all Symantec and Norton-branded antivirus products are affected by these vulnerabilities.”
Norton was quick to react. Patches for its cloud-based products has started and legacy installed products will be patched shortly. Importantly, there are no known exploits at this time, but it won’t take long for cybercriminals to exploit any unpatched systems.
As you can see this was dated Friday July 8 and some patches will be available shortly.
The original report by Google Project Zero was issued on Jun 28 and the last line states:
https://googleprojectzero.blogspot.c...-endpoint.htmlThanks to Symantec Security Team for their help resolving these bugs quickly.
Norton released a fix on the June 28 with an update on June 29.
https://www.symantec.com/security_re...id=20160628_00
Just because all these other sites are behind the times and reporting old news.
Jim
Norton had a few bugs in the newly released 22.7.0.76 version and have released fixes for most of them over the last week.
Jim
From the Norton website user forum:
Identity Safe limited compatibility with Firefox - current status | Norton CommunityThe Norton v22.7.0.76 update released 20-Jun-2016 includes a patch for the vulnerabilities listed in that US-CERT alert TA16-187A (link is external). From the Solutions section of that US-CERT alert: "Symantec has provided patches or hotfixes to these vulnerabilities in their SYM16-008 [9] and SYM16-010 [10] security advisories."
See RLWA32's thread Support of NIS 21.7.0.11 Discontinued for comments from Symantec employee Tony Weiss on this topic. As noted in that thread, only the latest v22.7.x products will receive the patch.
To the best of my knowledge, the only Symantec product line still waiting for a patch for these vulnerabilities are the workstations (desktop clients) for the cloud-managed version of Symantec Endpoint Protection - Small Business Edition (SEP/SBE) - see my comments in DynaEan's thread Norton causing BSOD.
I agree with you that Symantec handled this entire situation poorly. Their customers deserve better.
-----------
I have never used anything but Windows Defender/Security Essentials and some common sense, and have not had any problems. But then, I don't do prOn sites. Oh, and I make daily backups. As far as I'm concerned, the third party anti virus stuff is just another layer of cruft and vulnerability.
Quote
