By design, antivirus products introduce a vast attack surface to a hostile environment. The vendors of these products have a responsibility to uphold the highest secure development standards possible to minimize the potential for harm caused by their software. This second paper in a series on Sophos internals applies the results previously presented to assess the increased threat Sophos customers face. This paper is intended for a technical audience, and describes the process a sophisticated attacker would take when targeting Sophos users.
6e947610a5f61d4dfef968f6267c1b7f69d040adf4a3f5f08d7edf9ebe6f3000
Sophos Antivirus version 8.0.6 PDF revision 3 encryption exploit as discussed in the Sophail whitepaper.
2c16a524399c2a500b943b2b99acdae689be3704d09294f5df81e83f3b0a1e62