McAfee has fixed a flaw involving older versions of its consumer security software that creates a means for hackers to compromise vulnerable systems.

The bug is the latest in a string of flaws affecting security software packages that have come to light over recent months.

In this case, the unspecified security bug relates to McAfee SecurityCenter, creating a means to execute hostile code providing users can be tricked into visiting a malicious website.

The vulnerability affects versions 4.3 through 6.0.22 of SecurityCenter, a component of a wide range of McAfee security products including: McAfee Internet Security Suite 2006, McAfee Wireless Home Network Security, McAfee Personal Firewall Plus, McAfee VirusScan, McAfee Privacy Service, McAfee SpamKiller and McAfee AntiSpyware.

Users are advised to update to McAfee SecurityCenter, as explained in an advisory by McAfee here. Most, but not all, McAfee users will automatically receive the update.

The bug was discovered by security researchers at eEye Digital Security, which has published an advisory here. ®

Related stories

McAfee upgrade plays nasty with Lotus Notes (23 January 2007)
McAfee opens data-theft snooping service (16 October 2006)
Kaspersky in heap-based buffer overflow vuln (4 October 2005)
Sophos bug highlights wider anti-virus flaws (29 July 2005)
Symantec false alert floors Macs (10 May 2005)
PC-cillin killed my PC (25 April 2005)
Anti-virus vulnerabilities strike again (18 March 2005)
BitDefender bug bites GFI (2 March 2005)
McAfee AV ate my application (7 September 2004)