Norton Security for Mac - MITM SSL Certificate Vulnerability (CVE-2017-15528) Overview "Norton Internet Security for Mac protects your Mac from virus and malware via advanced scanning and detection technologies." (https://us.norton.com/macintosh-internet-security) Issue The Norton Security for Mac stub installer below version 7.6, does not validate the SSL certificate it receives when connecting to the server used to download the main installer. Impact An attacker who can perform a man in the middle attack may present a bogus SSL certificate which the stub installer will accept silently and could allow the download server to be spoofed. Timeline August 26, 2017 - Notified Symantec via secure@symantec.com September 29, 2017 - Provided the vulnerability details to CERT/CC October 9, 2017 - CERT/CC confirmed they received the report details November 6, 2017 - Asked CERT/CC if Symantec provided an update on the status of the fix November 20, 2017 - Symantec released version 7.6 of the stub installer November 21, 2017 - CERT/CC published vulnerability note VU#681983 April 26, 2018 - Published an advisory to document the issue Solution Utilize Install Norton Security for Mac version 7.6 or greater CVE-ID: CVE-2017-15528 CERT/CC Report https://www.kb.cert.org/vuls/id/681983