Symantec Fixes Critical Security Flaw

UPDATED Symantec over the Memorial Day weekend began distributing a patch for a flaw that affected its Symantec AntiVirus and Client Security products. Highlighting the potentially serious consequences of the vulnerability, the patch came just days after eEye Digital Security warned of the issue.

The patch is now available for automatic download through Symantec's updating mechanisms, and may have come before any attackers had a chance to exploit the flaw. So far, Symantec claims it has not received any reports of malicious use of the vulnerability.

If left unpatched, the right attack could have affected millions. However, Symantec said it had engineers working 24 hours a day to provide a fix.

Complete details of the vulnerability are still being withheld until a patch is available for every language version of the Symantec AntiVirus program. Symantec says that it may be ready to discuss the issue as early as this week.

Representatives for eEye praised Symantec for the quick turnaround. Typically, fixes for flaws may take as long as several months to appear, the firm said, leaving users vulnerable to attacks.