A self-confessed white-hat hacker has published proof-of-concept attacks against websites connected to global IT security vendor McAfee. XSS vulnerabilities allow for an IFrame injection and rogue redirection.
Methodman, a member of the Team Elite programming outfit, has published screenshots of the flaws he found in kc.mcafee.com and mcafeerebates.com, a website administered by a McAfee business partner. McAfee is just the latest addition to what begins to look like a long list of AV vendors, which includes names such as those of Symantec, Kaspersky, Avira, ESET, AVG, Bitdefender or F-Secure, whose websites have been found vulnerable to similar attacks.
make sure you subscribe to my RSS feed!