Vulnerability Note VU#681983
Install Norton Security for Mac does not verify SSL certificates
Install Norton Security for Mac, prior to version 7.6, does not validate SSL certificates.
CWE-295: Improper Certificate Validation - CVE-2017-15528
The Install Norton Security for Mac installer, versions prior to 7.6, fails to properly validate SSL certificates provided by HTTPS connections, which can allow an attacker to obtain a Man-in-the-Middle position.
An attacker with a Man-in-the-Middle position can spoof content retrieved using HTTPS.
Use Updated Installer
Symantec has released an updated installer, version 7.6, to address the vulnerability. Please see more information at Symantec's advisory.
Vendor Information (Learn More)
|Vendor||Status||Date Notified||Date Updated|
|Symantec||Unknown||09 Oct 2017||09 Oct 2017|
CVSS Metrics (Learn More)
Thanks to David for reporting this vulnerability.
This document was written by Trent Novelly.
- CVE IDs: CVE-2017-15528
- Date Public: 21 Nov 2017
- Date First Published: 21 Nov 2017
- Date Last Updated: 21 Nov 2017
- Document Revision: 9
If you have feedback, comments, or additional information about this vulnerability, please send us email.