Unfortunately, "when looking at how even a behemoth of a security product vendor like Symantec is bundling ancient code in their products, clearly hasn't subjected this code to security reviews and testing, and to top it off runs this old, unsafe code with SYSTEM/root privileges, it is clear that security vendors don't hold themselves to very high standards," Carsten Eiram, the chief research officer of vulnerability intelligence firm Risk Based Security, said by email.
According to RBS' data, 222 vulnerabilities have been reported this year in security products, representing 3.4 percent of all vulnerabilities seen in 2016 so far.
"It may not sound like much, but it's actually quite significant," Eiram said.
Symantec has published a security advisory that lists the affected products and contains instructions on how to update them. All Norton products -- the consumer line -- should have been updated automatically.
Source: CSO Australia