Skip to navigation
Latest News

Researchers spot security holes in McAfee website

security bug

By Nicole Kobie

Posted on 29 Mar 2011 at 14:54

Researchers have revealed three security flaws in McAfee's website.

The researchers from the YGN Ethical Hacker Group published the security holes online after warning McAfee of the flaws in February.

One of the flaws was a cross-site scripting vulnerability, which could allow the site to be spoofed. The other two flaws were information disclosures, that showed source code and application data.

McAfee stressed that the flaws didn't put customer data at risk.

"It is important to note that these vulnerabilities do not expose any of McAfee's customer, partner or corporate information," a McAfee spokesperson said in a statement. "Additionally, we have not seen any malicious exploitation of the vulnerabilities."

"McAfee has strict policies in place for its own websites and for services provided by third parties," McAfee added. "We are investigating how these particular vulnerabilities were not identified in our screening process and will adjust our processes if necessary."

The researchers noted similar flaws have been found on the McAfee website over the past three years.

Is your business a social business? For helpful info and tips visit our hub.

Subscribe to PC Pro magazine. We'll give you 3 issues for £1 plus a free gift - click here
User comments

You cannot be serious?

So the fact the site can be spoofed and lead users to malware infected versions of their downloads is not serious enough for McAfee? They can't say the risk is minimal because such a statement will come back to bite them. Just because they haven't been exploited yet doesn't mean they won't be. especially now there are articles like this on the net.

By mr_chips on 29 Mar 2011

Their software lets viruses run free, so a spoofable website fits well.

Our scores are viruses found 0, virus infections 3. Malware found 0, malware not found 2.

By tirons1 on 29 Mar 2011

yeah but...

"It is important to note that these vulnerabilities do not expose any of McAfee's customer, partner or corporate information," a McAfee spokesperson...

In my opinion using mcafee's products is what puts their customers at risk.

By MrAnadin on 29 Mar 2011

Leave a comment

You need to Login or Register to comment.

(optional)

advertisement

Most Commented News Stories
Latest Blog Posts Subscribe to our RSS Feeds
Latest ReviewsSubscribe to our RSS Feeds
Latest Real World Computing

advertisement

Sponsored Links
 
SEARCH
Loading
WEB ID
SIGN UP

Your email:

Your password:

remember me

advertisement


Hitwise Top 10 Website 2010
 
 

PCPro-Computing in the Real World Printed from www.pcpro.co.uk

Register to receive our regular email newsletter at http://www.pcpro.co.uk/registration.

The newsletter contains links to our latest PC news, product reviews, features and how-to guides, plus special offers and competitions.