McAfee has confirmed SaaS for Total Protection contains two vulnerabilities which could let hackers use machines as open relays for spam.
The security company owned by Intel admitted the flaws in its hosted anti-malware solution in a blog post, trying to reassure customers the holes were limited to this single product.
The first flaw could allow attackers to "misuse" ActiveX controls in order to execute malicious code. However, the second would enable cyber criminals to use an infected machine as an open relay to distribute spam to other users.
Whilst the first was similar to an issue patched in August last year, meaning the risk for customer data was low, the second hole has been abused by spammers.
"The second issue has been used to allow spammers to bounce off of affected machines, resulting in an increase of outgoing email from them," wrote David Marcus, director of security research for McAfee.
"Although this issue can allow the relaying of spam, it does not give access to the data on an affected machine."
McAfee hopes to release a patch to fix both issues this week as soon as it has finished the necessary testing.
"Because this is a managed product, all affected customers will automatically receive the patch when it is released," added Marcus.
The company claimed there was no evidence of loss or compromise of any customer data due to the two flaws.
-
Hounslow Council partners with Amazon Web Services (AWS) to build resilience and transition away from legacy techSpomsored One of the most diverse and fastest-growing boroughs in London has completed a massive cloud migration project. Supported by AWS, it was able to work through any challenges
-
Salesforce targets better data, simpler licensing to spur Agentforce adoptionNews The combination of Agentforce 360, Data 360, and Informatica is more context for enterprise AI than ever before
-
Security experts claim the CVE Program isn’t up to scratch anymore — inaccurate scores and lengthy delays mean the system needs updatedNews CVE data is vital in combating emerging threats, yet inaccurate ratings and lengthy wait times are placing enterprises at risk
-
IBM AIX users urged to patch immediately as researchers sound alarm on critical flawsNews Network administrators should patch the four IBM AIX flaws as soon as possible
-
Critical Dell Storage Manager flaws could let hackers access sensitive data – patch nowNews A trio of flaws in Dell Storage Manager has prompted a customer alert
-
Flaw in Lenovo’s customer service AI chatbot could let hackers run malicious code, breach networksNews Hackers abusing the Lenovo flaw could inject malicious code with just a single prompt
-
Industry welcomes the NCSC’s new Vulnerability Research Initiative – but does it go far enough?News The cybersecurity agency will work with external researchers to uncover potential security holes in hardware and software
-
Scania admits leak of data after extortion attemptNews Hacker stole 34,000 files from a third-party managed website, trucking company says
-
Hackers are targeting Ivanti VPN users again – here’s what you need to knowNews Ivanti has re-patched a security flaw in its Connect Secure VPN appliances that's been exploited by a China-linked espionage group since at least the middle of March.
-
Broadcom issues urgent alert over three VMware zero-daysNews The firm says it has information to suggest all three are being exploited in the wild
