McAfee on Tuesday updated a buggy component of its consumer security software to quash a vulnerability that could let attackers hijack PCs.
The flaw in SecurityCenter, a status panel and threat notifier included with McAfee consumer and small business security titles such as VirusScan, SpamKiller, and Internet Security Suite, was discovered by eEye Digital Security and reported to McAfee two weeks ago.
According to eEye's alert, which was posted Monday, the SecurityCenter vulnerability allows attackers to compromise the computer, which in turn can lead to installation of Trojans, deletions of files, or other malicious activities. eEye marked the bug as a "High" threat.
Simultaneously, McAfee issued its own security bulletin informing customers that it had revised SecurityCenter and as of Saturday pushed the new version 7.0 to its update servers. "Most users will automatically receive this update," said the McAfee alert.
McAfee, which judged the vulnerability as just a "medium" threat because an attack would require the user to visit a malicious Web site, said it will release patches for older versions of SecurityCenter on Wednesday. The patches will only be necessary if a user declines to update to 7.0.