Symantec yesterday quietly warned pcAnywhere and pcAnywhere Solution customers to update to new versions of its remote access software that contain a “redesigned security model”.
“These releases contain a redesigned security model, as well as all previous fixes, to improve pcAnywhere communications and overall security,” the vendor wrote on its page dedicated to “Claims by Anonymous about Symantec Source Code”.
The latest pcAnywhere update follows Symantec’s original alert in January for customers to disable the software. Back then Symantec released patches for versions as far back as 12.0, however yesterday's release notes indicate that it will no longer provide support for these older versions.
Symantec has said little about pcAnywhere since early March when it warned that an exploit for pcAnywhere had been publicly released that would allow an attacker to crash “fully patched versions of pcAnywhere on any Windows PC”.
In a brief whitepaper (PDF) the vendor urged customers to upgrade to pcAnywhere 12.5 SP4 and pcAnywhere Solution 12.6.7, which besides fixing known flaws and are not backward compatible with any older versions.
In the release notes for pcAnywhere Solution version 12.6.7, Symantec also advised it will “not provide fixes for existing versions of pcAnywhere Solution because of known security risks”.