McAfee is promising to patch a vulnerability in its hosted anti-malware service after it found a flaw that allowed systems where the product was installed to be turned into potential spam-relay nodes.
SaaS for Total Protection, the vulnerable software, will be patched on "January 18 or 19, as soon as we have finished testing", McAfee promised in a blog post published on Wednesday.
Two security issues in SaaS for Total Protection product have cropped up over recent days. The first security scare involves the possibility that an attacker might misuse an ActiveX control to execute code. The second abuses McAfee's "rumor" (update) technology to turn machines running the SaaS for Total Protection client into spam-spewing open relays.
The spam-relay problem resulted in genuine inconvenience for some McAfee customers, whose email was blocked after their IP addresses appeared on blacklists, prompting complaints to McAfee's forums and blog posts on the issue (here and here).
