Norton Security for Mac - MITM SSL Certificate Vulnerability (CVE-2017-15528)

Overview

"Norton Internet Security for Mac protects your Mac from virus and malware via advanced scanning and detection technologies."

(https://us.norton.com/macintosh-internet-security)

Issue

The Norton Security for Mac stub installer below version 7.6, does not validate the SSL certificate it receives when connecting to the server used to download the main installer.

Impact

An attacker who can perform a man in the middle attack may present a bogus SSL certificate which the stub installer will accept silently and could allow the download server to be spoofed.

Timeline

August 26, 2017 - Notified Symantec via secure@symantec.com
September 29, 2017 - Provided the vulnerability details to CERT/CC
October 9, 2017 - CERT/CC confirmed they received the report details
November 6, 2017 - Asked CERT/CC if Symantec provided an update on the status of the fix
November 20, 2017 - Symantec released version 7.6 of the stub installer
November 21, 2017 - CERT/CC published vulnerability note VU#681983
April 26, 2018 - Published an advisory to document the issue

Solution

Utilize Install Norton Security for Mac version 7.6 or greater

CVE-ID:

CVE-2017-15528

CERT/CC Report

https://www.kb.cert.org/vuls/id/681983

Questions?

Contact Information

Info-Sec.CA