Remote code execution flaws found in McAfee VirusScan Enterprise for Linux could allow an attacker to obtain root privileges, and a security researcher says that it’s all possible by simply tricking the app to use malicious update servers.
Andrew Fasano from MIT Lincoln Laboratory said in a post that he first discovered the vulnerabilities in McAfee’s solution nearly six months ago, but the security company patched them only earlier this month.