Symantec patched a certificate spoofing vulnerability in its Install Norton Security product that occurs when downloading Norton for Mac.
The exploit was caused by the CVE-2017-15528 vulnerability which had a Low Severity Rating but could allow an attacker to spoof a target site or carry out man-in-the-middle attacks, according to a 21 November security advisory.
“The Install Norton Security (INS) product can be susceptible to a certificate spoofing vulnerability, which is a type of attack whereby a maliciously procured certificate binds the public key of an attacker to the domain name of the target,” the advisory said.
Those who are affected are urged to update to version 7.6 by uninstalling the previous version and then installing the latest version. Researchers are currently unaware of any exploits in the wild. Earlier this week Symantec updated its Management console product to patch a vulnerability that can leave users susceptible to a directory traversal exploit.