Antivirus software flaw exposes Apple computers

A flaw in security software maker McAfee Inc.'s antivirus program for Apple Inc.'s Mac computers could allow a malicious individual to increase their access privileges on a targeted machine.

The vulnerability in McAfee's Virex software could let an attacker install and run programs such as a computer virus on a victim's machine, Danish computer security company Secunia ApS reported in an alert issued Wednesday.

The flaw allows any user on the system to modify or delete the software's configuration file, which means that anyone can define which files should be excluded from a virus scan.

In order to take advantage of the vulnerability, an attacker would need physical access to a targeted machine, prompting Secunia to rate the flaw "less critical" its second-lowest rating on a five-point scale.

McAfee is aware of the flaw and has issued a patch for Virex 7.7 for Mac OS X, which was been sent to all computers running the software and accepting automatic updates starting Feb. 12. The patch can also be downloaded from McAfee's website. McAfee rates the vulnerability risk "low."

Secunia noted that other versions of Virex may be affected.

The vulnerability was discovered and reported to McAfee by security researcher Kevin Finisterre of Digital Munition / Netragard.