Symantec patches critical flaws in Web Gateway after five-month delay
Symantec has released security updates for its Web Gateway product after researchers uncovered serious flaws. The vulnerabilities could let attackers take control of the system and steal sensitive data. The fixes arrived five months after the issues were first reported.
Johannes Greil, head of SEC Consult Vulnerability Lab, discovered the critical weaknesses during a brief test. His team warned that hackers might combine multiple flaws to fully compromise the appliances. These devices are meant to shield organisations from web-based malware.
Symantec eventually rolled out patches last week, though no company was named in connection with the updates. The delay contrasts with McAfee’s recent response—it fixed flaws in its ePolicy Orchestrator within a week of being alerted.
Industry standards suggest fixing critical vulnerabilities within 60 days. However, Google’s security team argues that companies should act within seven days if exploits are already active.
The updates address risks that could allow unauthorised access and data interception. Greil has urged security firms to prioritise securing their own products. The incident highlights ongoing challenges in timely vulnerability management.
