McAfee Admits to Flaw, Apologizes for Quiet Fix

McAfee, a top computer security firm, on Friday admitted that it had accidentally fixed a potentially dangerous flaw in its technology for managing security software in large organizations and businesses six months ago, and apologized for not alerting companies or government agencies until last week, the Associated Press reports via BostonHerald.com.

The security software firm issued an apology to its customers on Friday and suggested that all of its users upgrade to the most recent version of the software to prevent future security issues, according to the AP.

Siobhan MacDermott told the AP that there have been no reports of attacks exploiting the now-patched flaw.

The flaw affects McAfee’s ePolicy Orchestrator tool, which is employed for managing security software on thousands of computers at McAfee customers’ organizations or agencies, the AP reports.

McAfee said its chief software architect, John Viega, unknowingly fixed the flaw—which could have allowed malicious users to obtain sensitive information, delete information or hide dangerous malware on users’ computers—six months ago while performing additional modifications to the software at issue, according to the AP.

“We didn’t really realize we fixed the problem,” Viega told the AP. “We fixed one, but it was by accident.”

Last week, eEye Digital Security staffers found the flaw and brought it to McAfee’s attention, the AP reports. 

Only corporate users of the software were affected, as consumer versions don’t employ McAfee’s centralized software management application to update antivirus definitions or other threat warnings, according to the AP.

Earlier in the week, McAfee Chief George Samenuk criticized Microsoft for the many recently uncovered flaws in its software, and said McAfee is ready to hold its own with the Redmond, Wash.-based software giant in the security space.

Check out our CIO News Alerts and Tech Informer pages for more updated news coverage.