Users warned on McAfee security flaw

Consumer versions of McAfee's leading software for securing PCs are susceptible to a flaw that can expose passwords and other sensitive information stored on personal computers, an Associated Press report, quoting a McAfee competitor, said.

The report, quoting Marc Maiffret, chief hacking officer at eEye Digital Security, said the vulnerability affected many of McAfee's most popular consumer products, including its Internet Security Suite, SpamKiller, Privacy Service and Virus Scan Plus titles.

McAfee spokeswoman Siobhan MacDermott confirmed the vulnerability and said software engineers were testing a fix, the report said.

She said officials expected to release the patch using a feature that would automatically update McAfee products over the Internet.

The flaw did not affect 2007 versions of McAfee products, she said.

Maiffret, meanwhile, said he had found a way to connect to PCs running the flawed McAfee products over the Internet and make them run a code of his choosing, according to the report.

The flaw, if exploited, would make it possible for a criminal to track bank account numbers, and access, modify and delete sensitive files and do other damage on machines running the McAfee products, he said.