Ormandy has released a scathing 30-page analysis “Sophail: Applied attacks against Sophos Antivirus”, in which he details several flaws “caused by poor development practices and coding standards”, topped off by the company’s sluggishly response to the warning he had working exploits for those flaws.
One of the exploits Ormandy details is for a flaw in Sophos‘ on-access scanner, which could be used to unleash a worm on a network simply by targeting a company receiving an attack email via Outlook. Although the example he provided was on a Mac, the “wormable, pre-authentication, zero-interaction, remote root” affected all platforms running Sophos.
Ormandy released the paper (PDF) as an independent security researcher and concludes: “[I]nstalling Sophos Antivirus exposes machines to considerable risk. If Sophos do not urgently improve their security posture, their continued deployment causes significant risk to global networks and infrastructure.”